From d8c265280a244b22cdd98605bbdd1e45fed53a0c Mon Sep 17 00:00:00 2001 From: Phil Miller Date: Tue, 13 Oct 2020 15:30:57 +0100 Subject: [PATCH 1/4] BAU remove SE, CZ, IT, MT from single country proxy node in prod --- ci/prod/deploy-pipeline.yaml | 378 +---------------------------------- 1 file changed, 1 insertion(+), 377 deletions(-) diff --git a/ci/prod/deploy-pipeline.yaml b/ci/prod/deploy-pipeline.yaml index fdd371f09..e053287f4 100644 --- a/ci/prod/deploy-pipeline.yaml +++ b/ci/prod/deploy-pipeline.yaml @@ -145,380 +145,4 @@ spec: --allow-ns "${RELEASE_NAMESPACE}" \ --app "${RELEASE_NAME}-${APP_NAME}" \ --diff-changes \ - -f ./manifests/ - - - name: deploy-se-production - serial: true - plan: - - - get: release - trigger: true - - - get: nightly - trigger: true - - - task: render-manifests - config: - platform: linux - image_resource: *task_toolbox - inputs: - - name: release - outputs: - - name: manifests - params: - CLUSTER_NAME: ((cluster.name)) - CLUSTER_DOMAIN: ((cluster.domain)) - CLUSTER_PUBLIC_KEY: ((artefact-signing-key.publicKey)) - RELEASE_NAMESPACE: ((namespace-deployer.namespace)) - RELEASE_NAME: se - HUB_FQDN: www.signin.service.gov.uk - ERROR_PAGE_URL: https://www.signin.service.gov.uk/proxy-node-error - CONNECTOR_NODE_NATIONALITY_CODE: SE - CONNECTOR_ENTITY_ID: https://connector.eidas.swedenconnect.se/idp/metadata/sp - CONNECTOR_METADATA_FQDN: connector.eidas.swedenconnect.se - CONNECTOR_METADATA_PATH: /idp/metadata/sp - CONNECTOR_METADATA_SIGNING_TRUSTSTORE_BASE64: MIIHdgIBAzCCBy8GCSqGSIb3DQEHAaCCByAEggccMIIHGDCCBxQGCSqGSIb3DQEHBqCCBwUwggcBAgEAMIIG+gYJKoZIhvcNAQcBMCkGCiqGSIb3DQEMAQYwGwQUKiXkCnL3W3CWxureOFqpM2kv2zMCAwDDUICCBsDTtEmurOkEnBQLP2fF0vj71lE0bkhodtiTY/J2V68q2dNdYHRPSYZ9KCSN7j5MiKGNDjq8kOs80XmqLK1G/om7FS4zIaoIVKw8JoWSdnWJGR4SLh4q7LgBOeA7UbgTS6mfue+6XyyOZqVC2fYKqLsEK6vBSrQeRzfycTGa/MxOX1IU0rYgrKPTYqMDXGW6WlapbZQpbpW+6eeaFXwVGxxm7AXT87ejrVJMpSKIsxRlMrePXly3PoNwtSv9Byo2/zDeWypy9mbDPGo+8gDj0aVuS52Jqf/Jc4BhEQq7w8AVDMNkEzZ+koMU5mMoPCtMCxtEqik6WweZoM/Y+xfIsMYC1NlSbM+twhAUEyepdF7dQ9MU3tlgefebaWww5MbP6F6t/eY01N3a59zVNE5bmrYx4QbyOIBRFq+70v3/QZFWVRqEqLHDpPqJsXOB/3jOoBE44UKXrnhjzAhaYgnowVozXYjCQfdoqJzn6NSRB7aXwmGZPTN6cV/rpe4jGvsRo96vutovCppwQlaADaRZn1/lRn0dLi92w2qKn3nUdi6tsj6XJlbbhiD14wCRW+XSNMS2MDH2/WPLcHA6MxNnraT2xHj6ZLN6bIa0v338dNpIxHfZEx8pdo9CZoRCy/71dvOyiZYSaRzTdcO9F7iiDoalgI5qO4rpUY5FWTfegUdNa4bBNWqLkI4rwvwdhVPawe4CLdqQni0IjnUjfXVj3fjjg1U4mAFZhFNZvmxVm+pNThAqTPX4w/YeOzoPZoVhEX08vk54W/WTfVUWkClSOIJ5R1EhZZXW+27Mjp1cyelTxkU99AhQWO5xoj9fFi8MO+qEaykileq3n3YWBpuVo1GoL8/fKylf2ecYjLPnKCkoQcXMAWojfLSaPTuOXtAACOHXDGe5rryXQidRHx2SLg9ph52VO0xwyG4PqB0WdpWpdhBG1KhxLVEwiUh8sNtkNpFyzsvuHLbX1aYOnPNq/vCgy7LA+b1R7/K6PiBMKx3wf6h5RYEGCaxJonAQApV/yuDrWT8Jj2jltmnVL3DZ8Zt1hC5CGr7gPFQYR4JEk6YCxwBj1V/uqtAh6QOP6eu/7QhvM9Ki8iVT2xAsoN4PD7Vi4A5A17ihxgN8ZEhx6ndWo3O6Io7sKxajIl7k2YIpRCS6WrBDpHkN4wgTOxRWSsdq8GWKIa2MOcAuipLOqSt5yPcZhp+ZOM7SaGD+GABWJfV86LBLklYeWGNeFKqcERlg9IScJ+QrBDF4uaXmqojjRsKCPSlVQj5JWvtc/ova44Qm5qgx+IgwPMezWEYAVAmozim2mRuSM1bOANVlYh66qQOgPs3CAxGMf7Cd/+ZOCigJv4shrWR9NgqRTO0Z0u4fvxrDV9Xo83W0EFLrn8IZUyCwIyBO0WIskGziD+Y+pZX4bJirLXHfei9HgBjxGOC/0xvh2n/qPsi04DeSkAVLKogk/1G3Hng4rqJRCOpyukDzQGPieNWgaw9s0qt7wFDpxcb1cmE3thKRvrKu/mD/jTAIRyP/Px2R9LCWmhZ0Uap+WFnZWMU+LMrkywa75z1qZChU8kKOG0m58r+YQakZUFzelcGDuFWehBtgpGjjmbIErCQuiXZ4hlIAAow+k+gVd0ppKzmWFPiOhrNZPKzqNX91XwVtkiS52NWYPOI0I5B4tQCCMrr7MAlPrht/81Q/GQpCYZFgQstrcV3CClj/pu+fIbbELZvaYZnlPmXLsEh/AMQ5GZ/e0uH53sBqI69PrDvqFkQp2U1XzD6fXcoqKVAcqDbTVhaf4jiXjK70ApS9toQFXfiiP9s/pD7IaeCQF+InrdPJuUBoydRSQd3YdkGKSzJf4ckfPHsEpIspwa8wpbURyT25XZ53rvuz29C1u1SuMnbMw9ZkL8EUrpBTSPP0Rvpe7SCmJa8gvAhr1aT8N43Nj+oJDTOBZlvz/6lxC3acskHqpVMQKIZ8zYT/lMZxIACW3YoiEz1236cIkrB+RzizFWj5HQTSzcIFAYWm+PBLiGgNNXipHFOXSZiMFxi4HKuS8YYNCILCLBQhjyNCo6yWcgSm/vAT27f4D+ip47sW2kNJWR0AhMr23Qc7ByGXW2wYGHfiEOWHdRzKT9Xaa43UnFqCXyjRPBzFNEH9cV46kqiRsTCZMqSzEMYNs6ApIWQY7tia6mR+FTB7ZkTuVdi55gt64ftJvQkl+FyPH/wVtidlwag5o8b2fstVMg5M7jsotBu+OBdLdiQ+Sa+IQYJKSEkLIvsbhNlrmXfEJC21NAtwTsS4LpM/jpUkXp7/46nD9iGdWKp+c9nCR94wPjAhMAkGBSsOAwIaBQAEFJIiBUhRzdVXd/hw5mRQG0sBadAoBBQ1p/KPl6BAxlZ9LyzPgdH4pkTPxgIDAYag - CLOUDHSM_IP: ((cluster.cloudHsmIp)) - run: - path: /bin/bash - args: - - -euc - - | - echo "preparing keyring..." - echo "${CLUSTER_PUBLIC_KEY}" > key - gpg --import key - gpg --export > ~/.gnupg/pubring.gpg - echo "verifying package" - helm verify ./release/*.tgz - echo "rendering chart with release name '${RELEASE_NAME}' and namespace '${RELEASE_NAMESPACE}'..." - helm template \ - --name "${RELEASE_NAME}" \ - --namespace "${RELEASE_NAMESPACE}" \ - --set "global.cluster.name=${CLUSTER_NAME}" \ - --set "global.cluster.domain=${CLUSTER_DOMAIN}" \ - --set "global.cloudHsm.ip=${CLOUDHSM_IP}" \ - --set "hubFqdn=${HUB_FQDN}" \ - --set "gateway.errorPageURL=${ERROR_PAGE_URL}" \ - --set "connector.entityID=${CONNECTOR_ENTITY_ID}" \ - --set "connector.metadata.fqdn=${CONNECTOR_METADATA_FQDN}" \ - --set "connector.metadata.path=${CONNECTOR_METADATA_PATH}" \ - --set "connector.metadataSigningTruststoreBase64=${CONNECTOR_METADATA_SIGNING_TRUSTSTORE_BASE64}" \ - --set "translator.connectorNodeNationalityCode=${CONNECTOR_NODE_NATIONALITY_CODE}" \ - --output-dir "./manifests/" \ - ./release/*.tgz - - - task: deploy-manifests - timeout: 10m - config: - platform: linux - image_resource: *task_toolbox - inputs: - - name: manifests - params: - KUBERNETES_SERVICE_ACCOUNT: ((namespace-deployer)) - KUBERNETES_TOKEN: ((namespace-deployer.token)) - KUBERNETES_API: kubernetes.default.svc - RELEASE_NAMESPACE: ((namespace-deployer.namespace)) - RELEASE_NAME: se - APP_NAME: proxy-node - run: - path: /bin/bash - args: - - -euc - - | - echo "configuring kubectl" - echo "${KUBERNETES_SERVICE_ACCOUNT}" | jq -r .["ca.crt"] > ca.crt - kubectl config set-cluster self --server=https://kubernetes.default --certificate-authority=ca.crt - kubectl config set-credentials deployer --token "${KUBERNETES_TOKEN}" - kubectl config set-context deployer --user deployer --cluster self - kubectl config use-context deployer - - echo "applying chart to ${RELEASE_NAMESPACE} namespace..." - kapp deploy \ - -y \ - --namespace "${RELEASE_NAMESPACE}" \ - --allow-ns "${RELEASE_NAMESPACE}" \ - --app "${RELEASE_NAME}-${APP_NAME}" \ - --diff-changes \ - -f ./manifests/ - - - name: deploy-cz-production - serial: true - plan: - - - get: release - trigger: true - - - get: nightly - trigger: true - - - task: render-manifests - config: - platform: linux - image_resource: *task_toolbox - inputs: - - name: release - outputs: - - name: manifests - params: - CLUSTER_NAME: ((cluster.name)) - CLUSTER_DOMAIN: ((cluster.domain)) - CLUSTER_PUBLIC_KEY: ((artefact-signing-key.publicKey)) - RELEASE_NAMESPACE: ((namespace-deployer.namespace)) - RELEASE_NAME: cz - HUB_FQDN: www.signin.service.gov.uk - ERROR_PAGE_URL: https://www.signin.service.gov.uk/proxy-node-error - CONNECTOR_NODE_NATIONALITY_CODE: CZ - CONNECTOR_ENTITY_ID: https://conn.eidasnode.cz/EidasNode/ConnectorMetadata - CONNECTOR_METADATA_FQDN: conn.eidasnode.cz - CONNECTOR_METADATA_PATH: /EidasNode/ConnectorMetadata - CONNECTOR_METADATA_SIGNING_TRUSTSTORE_BASE64: MIIDfgIBAzCCAzcGCSqGSIb3DQEHAaCCAygEggMkMIIDIDCCAxwGCSqGSIb3DQEHBqCCAw0wggMJAgEAMIIDAgYJKoZIhvcNAQcBMCkGCiqGSIb3DQEMAQYwGwQUqBnJ9JaywtRr1f+gilP/uSuTb7ICAwDDUICCAsjuyYipUJ9wERod2H+k54em3CVN1sO4wVP04zgvMA6JNbkXn20T6GcbvtJAsidUBXJW/PyxVWigcXJVWTRleSfFJQljfJy5hVoV/y9Mr7fa+/wi992n8xhIbU3gIUioi1fzdYTNHJAxQYsGZN63+/OouwTBTZV8QNf3biI4JRcLVmIMYTzLt7++wQRHt/l1b0Z1mRUORlsnYRVvA8GelYpAQGTpIIMC74u834qSr3ZKIAdapVDSTL9+vh+Zb9W7nVFGqCmYT+S7y+9DlV8PLovTR5xvNo5jPBr/hxrkt/+IEqRw8sWl3ENc6cIPPKIrhvZWGbMrC/WHWkPNS/vDZBEM6BnfjgoA+pD8bOj/hJNjCw5JZOSTda238A/R9/4U0TwCl5tLwcUNae1MNE/hknZDZtmLLa3S/7sgbRVzVupEECI3qncw5/gGJIbI0q7fO7J9asKnD9teoGPjzY9MORTnxfjs8y1cdHYMGjdDGTOWMAU+VxKu5M8bUym+KglO26MH15i5OLhClIf/iKHIOQeHCYX+14QcOxTiucdVqkyEQaUbXHSZpu5mS0rYX7Voqlqt03v3Q4g6V6CsiufXVULQxPrtc95Lifhcb0N+T4bJa3g+YOq3pVYNK5yxOlCjgfnLXZpfBgGVWQ4Jgr85P3MPuuXljeuqFS8w1q/2fEqnCN1azvjSE9g7wbUHTvbBsssNePfovypikbMj4sOxZJXfqjl+J5hbc3Wt7DF3hmsLeF5RSiDtGgQ0Rptxpljczct7biZ4gEHJIVczSsjaxSqnFwFLfYAX+Afs9VynqtvdtFCERF0C8u1kLFCIUhsanoVfRqVRbRMVGd64Gg2TdTRVoL806oCR3B401zSwgVCkmupgIgxduQYvmM+j1k0jKdhZi5wnwExIRUrf2lwiY1rDAyGbRTzeoYL05jxyLB1z90a2Z5OaaZxGMD4wITAJBgUrDgMCGgUABBQVdEBb70xXdXyGgpCIbHJ70XWHsAQULRH0QjEEx/RrcyErP9YmH3NUUUMCAwGGoA== - CLOUDHSM_IP: ((cluster.cloudHsmIp)) - run: - path: /bin/bash - args: - - -euc - - | - echo "preparing keyring..." - echo "${CLUSTER_PUBLIC_KEY}" > key - gpg --import key - gpg --export > ~/.gnupg/pubring.gpg - echo "verifying package" - helm verify ./release/*.tgz - echo "rendering chart with release name '${RELEASE_NAME}' and namespace '${RELEASE_NAMESPACE}'..." - helm template \ - --name "${RELEASE_NAME}" \ - --namespace "${RELEASE_NAMESPACE}" \ - --set "global.cluster.name=${CLUSTER_NAME}" \ - --set "global.cluster.domain=${CLUSTER_DOMAIN}" \ - --set "global.cloudHsm.ip=${CLOUDHSM_IP}" \ - --set "hubFqdn=${HUB_FQDN}" \ - --set "gateway.errorPageURL=${ERROR_PAGE_URL}" \ - --set "connector.entityID=${CONNECTOR_ENTITY_ID}" \ - --set "connector.metadata.fqdn=${CONNECTOR_METADATA_FQDN}" \ - --set "connector.metadata.path=${CONNECTOR_METADATA_PATH}" \ - --set "connector.metadataSigningTruststoreBase64=${CONNECTOR_METADATA_SIGNING_TRUSTSTORE_BASE64}" \ - --set "translator.connectorNodeNationalityCode=${CONNECTOR_NODE_NATIONALITY_CODE}" \ - --output-dir "./manifests/" \ - ./release/*.tgz - - - task: deploy-manifests - timeout: 10m - config: - platform: linux - image_resource: *task_toolbox - inputs: - - name: manifests - params: - KUBERNETES_SERVICE_ACCOUNT: ((namespace-deployer)) - KUBERNETES_TOKEN: ((namespace-deployer.token)) - KUBERNETES_API: kubernetes.default.svc - RELEASE_NAMESPACE: ((namespace-deployer.namespace)) - RELEASE_NAME: cz - APP_NAME: proxy-node - run: - path: /bin/bash - args: - - -euc - - | - echo "configuring kubectl" - echo "${KUBERNETES_SERVICE_ACCOUNT}" | jq -r .["ca.crt"] > ca.crt - kubectl config set-cluster self --server=https://kubernetes.default --certificate-authority=ca.crt - kubectl config set-credentials deployer --token "${KUBERNETES_TOKEN}" - kubectl config set-context deployer --user deployer --cluster self - kubectl config use-context deployer - - echo "applying chart to ${RELEASE_NAMESPACE} namespace..." - kapp deploy \ - -y \ - --namespace "${RELEASE_NAMESPACE}" \ - --allow-ns "${RELEASE_NAMESPACE}" \ - --app "${RELEASE_NAME}-${APP_NAME}" \ - --diff-changes \ - -f ./manifests/ - - - name: deploy-it-production - serial: true - plan: - - - get: release - trigger: true - - - get: nightly - trigger: true - - - task: render-manifests - config: - platform: linux - image_resource: *task_toolbox - inputs: - - name: release - outputs: - - name: manifests - params: - CLUSTER_NAME: ((cluster.name)) - CLUSTER_DOMAIN: ((cluster.domain)) - CLUSTER_PUBLIC_KEY: ((artefact-signing-key.publicKey)) - RELEASE_NAMESPACE: ((namespace-deployer.namespace)) - RELEASE_NAME: it - HUB_FQDN: www.signin.service.gov.uk - ERROR_PAGE_URL: https://www.signin.service.gov.uk/proxy-node-error - CONNECTOR_NODE_NATIONALITY_CODE: IT - CONNECTOR_ENTITY_ID: https://connector.eid.gov.it/EidasNode/ConnectorMetadata - CONNECTOR_METADATA_FQDN: connector.eid.gov.it - CONNECTOR_METADATA_PATH: /EidasNode/ConnectorMetadata - CONNECTOR_METADATA_SIGNING_TRUSTSTORE_BASE64: MIIZ/gIBAzCCGbcGCSqGSIb3DQEHAaCCGagEghmkMIIZoDCCGZwGCSqGSIb3DQEHBqCCGY0wghmJAgEAMIIZggYJKoZIhvcNAQcBMCkGCiqGSIb3DQEMAQYwGwQUHKP1lkYEukhhFGuo8pwOt63mB8oCAwDDUICCGUhMvQ6vYIdM2R4nxYfJZznzP6fG1Ter4uvq0yNeNTQ/6o3WTp9F1FfU3L1ctUZKGtjJ48Rzr4aTp9x//D6wmGzmZbH+480/KaQdhpcqsUE91F+bBw0A0NSVyAkL6Vb9mfKxhneqDnZ4wqFGXiEQB/aApncjr0J7jHEusTyum1Xlzna9M6ZZcgLUdZG7rvPfcmsScdSkWKWd2O3sAhvw1sPs7jK6dAgE7L1FE8+EAT+DvAH7/qqc6r+XzwK9YS127G5Vw9RgpWrj6ABw473Lr2OwKX9eC+4sFoohPnJBlmmvya+jTKwFEKI/kd7qAaQ9YwkrprbfaaktvRdGVAdQ7Go3npfQlCP6bahphIZBhcjMplnB1n0xeszq28SmjqmXcxU9AENHOK6ryrFnOuNZWIP32P/iTzpcO2v40jRpoPmyJF0R6SX07w3tckrSrUTBol/gPbIvWIxShBmUBgxi6u2cChFkedqkDcmeIPQWy2qWVBQqaZK452wOhjBzFQxGbevMROTvasINMoDgQj61Mc6dPNRF71wYuADJ+88/ZtWjDna6rGsj+SjDdkkbuDOnFoBIo8nbv7Ex/lghUErwSCh16mhV12zl0orBhIMPBXEDOfKt3YbQdo633AJl195ZqIIZoLFF/rXKJVZGdssvCy1iFwXXroitrY7Vmg11pyHYwvabGSUzQgh/dXQJbb2WnrM5A1L7hfC9FjsGoh90R7LnopU+MnDLipwRGospzzCVSfSvXyUJrbSBu4e6RnLV0lG1Zg5qV8VYDtxlN7eQlheS4Ln0/BIGrpwgyrB8H4QuHMxiQKK3du8FpprOpCZ1Sf4DYzfENzynIMbZfD3fly6e370AhPG21AN6PDbMMs4S1QZ+4I3IZfaIZC8HgStkr1D14PsQXcHML2CJ4oXCuL02021c+E4Ip9Rny2l4+/oWfwoI60Ns7hlrDFgoh3Uuv4a2Tft3wqDovfr0Fg9fiRjdTQvvX8VrE+KMydUvwsX9c4xCuLaC+RLHmIT1j9wWz2IWcq9rXxrs0tiw+TiMCyLVT9LNzwffrydnjnn3hVbK36tU5dh+nu1SIdp7IK5moC4JLxCB2H/Ueik7Xio9CQilyRCH78wbeOO9A4lj40CShRSQ3KaFB4a78SLt/DsZSEtUNH5xzoaeTLdY0YZ2lJL7ErjIS3OPIh18Y3iwek6oMjnHWUzP1gHNqu1+NLEwucUSVSn1Si2AGeabSSaZPlEMwYAJg2bSxnDTa9vW6cxZm0XMmPTKmyg/9xMj6xOsy2WHyzVj9GYt++AkyrR/9fAxo6IDP6d/Sz/PjMTubywKDTWiMZrxp0nU2UFgUcka0OdnkgaE2z/9oB0i2l3GRy1iM6PSAqk/dQno9eqdPDQ/3QFMBqLzXHTskw1kK6Ei3PMFh64fHfPqaROrgkqxpKi0pq9p6ltFr9SWixt9uPlTV8El2D6jtPXR66AJ6VQk/shhLuXW0Gufo0ndF/4nUFA7i1NJJnOOARS4hTmTFOnSeUdKO+z0tS9x16pd1N2WaFIO0UrCmwVpj0dytUvZjwR9ZmkIlXGsrF17YLYMuZhgvJddJrEki1dkGGcGwCdx5IX/pgvjo9xODqHvp0DgagpLBJquPvn5rCDd9au+HvfUT4KdS9g6BG+33vGSEQ4jdxxkWzrfsWlIJww4K7rJ3heg4ZxhJO7/IsNjEa+A0AaAjDIdqY2IkkCWo4Y2rBFTjAOA1QkmNJnGSKAtdV+YxGLHJOi055yEXpsKGArLzu0jsG25WxvRzd25M99IbwWKK6xAnJD98O5yBJ5GaVNVwZrJ+dILLTB+PvAFGHnHOkJfDNjsBRFBJpE8ScuVlyEvhptlUYrZYkhFigEgP3HUi0StFEoy9KYW5uapX5mM+izITWQ6sfcZyWAiPOrvza27DI5bvI/EOLAjOvTO7V3tYEUvfuf70FZEBXdvoSqYd72xyVQWYt1J25ZrXthMM58ZZSVaqQmIksc6X3tm5BqnwA1WPABv1s3GL3REa5sihiCWcOE768hHs6AnOM2OjLsfroh43VJhSAa7yEARHqSJP49DayzMmvzsafY1JSvdGgHcNk8zXVoo8Z4Uoh8SgkCwTtr111cQBz9TnB7avMIJaompIOyo2TvZ1ID8XslVTiDOXi620TgUXF2m2senVOZkC2AtDBjfiWlGWzoWAvPvb5EVg738Fhrd8v3u7t/vyiol2flau1wsoYFkyiFrYbFFP0bvyP+w8ehn+J7ArLYrnjkBXuj+2jU1vPsvQHPhZTwGx681p9vaQMCe9zmx0iNr5tBvqTSoEFwqHajn5zoqzBuP7wf/wG7WeJlG+txCTW9bWfGVmzTES7h6hMJfPtCwm3a+YET+4zN/ZkUD8ubzrwKeLKf2w4TyiZ/Lkd/x8f69XnWAhWKA0fHAc8PzXdzbqAQ+LiSAK+cU/A/QwOB9pugixS+u8hzxCfKd86vlBpV29z3Kt0al/UR/HlnBi5O8Wh+spGawWBA60msGBwpPNREMGmjp+J1Cr25yyCl7bed1CzjOS/EyppaIqXwZhzA3qEQ3yhDaanUfyhJhqi84jYXkO5IqAjo57HKZUNjllo2+OnhBWI2BVEd6xrU5/2ClShJZrcshkVsGKaK43MB4w797UGlkCK4doph7W3WYFyiSmkjGcht9S0UHP5fRAVPDbrdTV98OQ/+LP18JkmeBAJ3QnTorwjqtKJGiwgdtu+LKjicClL3um/z4e/6uojR6LipbLue9xafKOEhVVmSotKcePa4kuyjoi/43rUkGbAfisY9iCYiz5CNSXByMb0FS1nIZaMooXELq4Wk1C9fG968BiNbOy4GeShv5tBfpiJXidphrxsiKkRnUtZxRfBxZeDXCEQVcaDS+rFbiwMXOuLzqq3IzfCgU634lDJ6BcCzDSgTU4egaRtxwxCHmTyWDkQqQ1crnqSG6RGQK/a4UD27Cd6K2S8MAukGlX3WUmHmKQ/R8d+mUeOw5CUfLOyVw+WwkAIWJU3KdOuGC04pdzHlHOa99OmS0oKan7em/v9+GWWAYevUzU0GObPkvRFPKldRCF+znhdmEYPCS0jAMn3tt/C13vyHLnZ37ZsMx4Yvskm5bd42doBWpDJ68pFDk9wosfdIRV6ZOemf4pdFAqeQiMZnhGNKh9B0Sa2vnRFGs2u1Wm5+LJ2ASsDDeO17w+9L4cKmiWKD5VHuyqfBYDkWtUpBCW9y/isEHnAfsC2XmKIDeA4Rsaky2zdnM4Qay6aTTDh1mjX4PTgt4mG0bIXKXebqXmpKIkeyhB39HmMjhbs+rCQzWejXz6VAj0uayzk0UmPBdvONUCi/cAaj89QTOH2oSNSORh5N978gmZYsV93YdWzmw/EipmgiWp4I5itZishwsg7Gm4U2CLR1T4EudGLmO/rMOh2oTUIJiLovv4x5EX/NAUeOahv65vj7btcnR7Gqb7zvIuNDGagXK4Fov1VmIzwOeCX6OyW9gze9KZuu12ptQZ691P2NR2jRkR5bGiUi74JIX7tbreKHM6nihzUTbY3aK7Cm+aqFqW+4o4d7q7V1pylKpXcz5DrOOmlDhQXiAKeJW+LExS+3tB5EsF+1WjSP+ZYTVxwkJFCp482uRpNPfBSPbpClDr3xTFivMXYoIEapGJB9IkIOIdqZM314W17a5ufrK6sWumgYs5n7GHuomzUzixTNT8oF9s2tXxoqDTnG+3vJH3N1OPDZ3SiZslUMxPQLO6pNaO83bz2c250X1MGs67Hy7Eiyt9NQJN6g0T4W08/wMmX+V+4lc+6koLeEOhrPmrLMNB1yZML0HrQMHXjHmbK/hGW9TohrP24Eup7EdT9X3qT7G9Cmh+i9luxEgdAwYJyWyqf9F5R0aM6RiwTfsDvm65b1ebp+rQtKNW5fJniSSB1s88nhe3dOWuqEbvSVDXASVgM4UT/X/4reJN0n+yYviZA5xgdbFZbGf88y4Rdm8Eak2vN13tTU4qZfoT+40XXvFm2WGyjyGVd7u1Ki8nBKU6p5OVkTWpykyh2Mo+wvZ4kyLi3CIIGeHu6scOXFYRSmRoSbHGY20dXqL6ndkio7x0zhCzQ+ONWGZibQB4XyN6dy3HgSdGUPwhPB4YR9jxdsHEt7lancvIZCTEbxkc/gBWEKGKQ+JInNaFUFwiYXweyXQjC2y7ByYJHSK8/aACM6J2OQMTfd69o8p4AFmgLm4ldjGfTjjx6yHnXMw7LXqErcwqQdTgKyD1fg8YsIxecLnPgW9hz/VbycBEgWOC7+iDy5adgcbQ0vI8L/KavHTdeyOzBCxqXncupIgjhPIiyUrUSS6q7Y+GtH1ARWNJOduOWYQcHq6XGNoe+HHhYN8KBCdiYnEnH+kklPglcSzCCPZLPYBWFDfsuiCoaGrJyLyKNSbV6q5d1UNSB34L2fWpJhcy4vKHsOg1dNUPZdBG6RjSan9bTOR7fstB5LJ2cay9/LBM3On+uQShjEs/CNR47YJ40p/A24l+7qoUAf7hfshE/87XUEyWwjZNw4TfxSv+BHhdDP4iuvGn3F96MkMq+aZQ1TuSi1YIfwPdlObIzTm+6Q/QjCMbdGlKuNSPc8cqrZ306TWUs8u2M/8+SjiwFM/aSHsBqBSuApb963GN6w8p6LjZqvyKoxsvAv7z+wM2WdU7Tyh7/GnTmUMXJILqrrukosyNq0TBioXm8RJf28NJL1oLZzXDOGan/iTDi9VJ5yVgbFiLjfetCSqyzPDsrkSRmjZHI4jQvaUAFGvGRVV9ID902yg2+Jl0QRgaEoa1Zq2W7+1YGLWVjzbs/zfODwopUcqp6V1sp10w4iQDB9hi9APPVCv4dbr6diruvNuliHXN/hbO/VyeTM2AF/DHk437SQ3JOxKm4KeiOf2ZldaKUXIE1kzZkECGnsK8JcrsWKnMCDcgeDuIFvQg3wBfRJxNH8B7IQIhiSD5B/XQYpcCnHxKQXgqXBc2pj4K46a8k0TLVz2NGzFGTafJ2W97jdR87W0lXPPhjc5pNvuFE3K4xj6ans9AsqN5j4ew2pPQsHmjOsCtkzDl2spFE2wOcxbPpoq17fJ0KungB2b5jtXVzXaGeb8Dq2xTCLkewmD8X6w+yB0dtJ+oW10o6ZwQoY5a937szSfyTnCEW1g9OtOf5r/oGi2hQrC/pkVjI9Xb+n2lO+1TSXyc4TPyBTJ6/J92MZdwAz4q++ejko9xMySZzhk/AsXkLEh9LfnuI+J80y0Wg1rx4ZROkkGfWM45P6D46ZsHbwcfNBPdlCs3bX910Ar9ka5WSbh3WFo6cgtGHKRi1gaUxflg0VInW93XETNMQdO1Vi4VbEk79rT2aEN0D4IruxJTh6HUobNYLnNBInBolqhPex9RMtbBpiMCmj9fopOG7f1N2AUZkcHCP1K4PSeBVJ1bJbD4lYcAlFaaSbZ4GhhCMMpVw6ZCZFzmpiFlETwKS9kVay4DSvMePAZ6YYKvoVYivLxvPskOloWOoIQ5DI35KCT1lSy4UoQarHs6nqq33+uH/PbNuFC45yoDAJT/45n/fqkJrngTnrfRawjm5+XK2VZBKcPN8IhWnf+WNs5B+p70MPg1MH6h16+pOfUcWihS7AuNMvn7gyROwH7DUnr8kWAeaW9QDwWAkO2D0JP6jbxi7yhQlCdczMI5qjf8vSPCEiEUwtKx7J4nGadH/RitD/wbD0QXe69SxYmKcW+Mrs/TVeSgRQoJTxxK7BuvbTxvGNNnzE8TA1pSI1/SnyDDA8Ibhc/LYghlhM1lOnSsrHNPkld6pSatEIQFIAeCRDkAvgVibf4PxgnYsv+91N+mjNu42rmPgOzfi45C6SkjIZzWkCkBk92qZZWpNvbspb9rCOkzUJIbV9D1NAxn7mAonkhMInf0SfiljfdWF3I/FDj94BuFhVcmXDGIw1jPJpwLqMsoSEOOEx2C6xXOXK1j27ff455Pav5r3gtODVx1RLfVOwgJcRZAJJYkJIn5Wh3t75Rnl+4sULWZsPcadt+5CQLUR5mem7WMM+WavbheczZFMm3lKPY4gitc/wqV4PtQYn4dZV4/UGuxcw7z8Kmg0A420EyTUnr7SBrEhFsYK4vuWCURSeLSIOy7RO8DsJ1C9EcX5pBNig5ylixIFYxHcFPLDuw1rt/VS8qezbh7cwJ9oYmWJjTL15r4uEBufvTeSSAkjROI7XtoSRzZM6/s1/CLg4Dngx7tkWwRiZnmzP3JfhyxIjATSPD4ltlHoanKC+nUfOOL3zN6zcaKb2U2MOC6Sfen83sfvEQZKb41vTruppSM6JhxEcRmtBhzOuB0joT3AxTgnh4/H6IwELEhZCQIQDzZbVQTPDNSqlIZpbaAQZm/QsrHriGnzIIuVQ+/C3VHNWLf4Br90pWOK1gd8U+Rk1cxRxmXYIzoSThwWCJNaPVIrm4/MMKjMVEw9oj3WDw23fBQL6Viq2nYOnTLHR+NyDif0TtI3Ve53iXQfdmA90Zfb3LfMkph3dqUm+BFUqCkkUHs5LfkCcxtskFdzUgyY+73xFgHm6zznszksENMTIEL9HeCJJLGjAkAMaxJdug482X6rwDsDlTRKvaqvefkZYohTtIdXRuhOp089GR39apiI1w2PZ7c9aplON92Eyp/GcdhcHN/AxvoUNdPnIFzRhOKzMLXlNLp3VbB1BF29sAkKNmLPq4MAbhKteZKizUnZ27WTXc4XIXoa6uFn/dRUyQyKCo/rP6yAZeubcNe9pCjwZxmvpz3KokiLbK0+yAPChc/FYNZ2JEkyM4N8eAIxD5QS77ZvnQ5DrOo+akxmm44K6GjL3JspgJyZZifEvpA6mMndNsH6Xtw/W0mAztF+dw5aVa6X2moXw3wkBz9jyNRA//qSWUngf9Axl0kM8P0alcYAGjXfXHjqSKlGzgXRos1amf6sOlOiBtiF3Q3OWRthQuXs3tkgN5KeiR58su5EpsW/YrcXv47asKmoNNemMhol6P58aHV+5ILY1AWni+hdeURk1zWVOeHj0rYkHT1s5dMm4TlzkuK0WC4seKg6iPms5+sHesTbbn07lzARRSPADT092in7iBO7PfQhveOdLK/IX4gZjqBiHCChaA2jHY4csy9f3FiwE35tyzvWRJ368Kq3VGfSgBcabbKERPSg2duxwQgX0tr5GVcmYwxY+pagVyqecNkcA2bfBvrk1LUqJHzSj6fiJoczgCBk3mlckCvwbdm71NJbxMFGL6y8MmojWVBR+Se9dB9eLgSsr7+A1UW35s7ox1DOO/+7ygccLf5/o94RRZk5uFKGsAXm+glooLIx/Vt/ghGq/27g/5ZZeFxNbN0jRAE00uS5CP0bnWkYDQ7bHYfwG00rnGn1S9MXr03vbFMNVFXaVteEKd6FFwlqWR3yKc1t6x/PRTiaFohUGsYpTXvb1pyKVfXXMxB3hFfwRq6wSMgagiX4iw9pV1otPJpQfJsu8HK1z923U5sZs4GdkdHjoFDRKBF7FjIA00+L4ZuAZWnd/VSTHg8P0AQ1cm3keTcGU8x2xvPSXy0eaCVy6sgMG2txv2dTTZ56Zo8STAPyJzSsvlT4tKXizq+1fHTlkvGos8rpYd4Vz2KCcEW8XErrfd8/s6W3TFuN7Zs5mlAX7N6b6hTAjqtjGIZYTdFHWoNYx+0/TigdwJDnkWSB24mhpDuZDFUufIPOIH71hPKUuPprAyJwbeuc2/6juV46Bjly3qw9PxzLdg47RyP2EAMijlCr3GiyPPpKIVdJnb82fVjSSR7z3qg58QSCf8brhfKvAA7gQjkCnM0C1gBYI1hGOxeVkhXnPZK3OoeeQAUzZjV4/FOwR8CBuFtsE1G6AZgZXmiy8l2LxHR5g5E/FjK0TvnR0UDlpBupc16ALR/fb5rX4DGytSSpY/aumNoRnAeIQmQUBh8FsSse8w+eXCu6eFBFLY6ZwFmPivjj8p7BKEcIE1tQrNGJu7J4wOOMjYxvlDlAjpyLi5FrG0VfCweQUj5YACHQCn8p0ytGiXXsBeYK5b1LB+mvYyrb6SrD7rAxzHVHMGnRnhgWedR+HDeHjcgO+rh9wlLkcX6ePbmwK6RfXIuXGZb799TJng9PWiZHWTdfRmHnEL8/2/ikOteDvKnjVTjbphTMvxErveR7RsRCjrcUF1eyQeI2/KqAVfkFCRfXxfFwiTJhpTXzwInLNUZiEzUUQhSV7Jdb/Hggx/XDLvACdJdD9XCkvsoeDEOYTG8NOI6eeGymsWPPJQrmD+lwuQaKEoneNl2TTmNfcgLolb83NstRn3Go5bjT60hqL7pbuwbZTuZwBe0Qg/LJqgs3nZQEvoiDjVUmYYTNHYWUZhTuIlsibTRR6Uz+I0QKgsyvg0YxHwdqP9UayPKWFsnI+l9lr+h81mUnjbo4I5RSD6msXmMfdKYjhDqjTcwHpS2TvRt5pKPlOfwQRKoNF0O6mjKVIZfITN3S2v3JzNYqIe5xfVw+Rgw6ZJAJcgDgfrH/yQ+EtKCu8CrVzT5YNKynRWP39cawx1sap4V1yUxDowcEQmhogR0LfcdG5JL8cBaQBWom4xqCePhc8OWtwpP1/zKlBwx9FspQCyWiaBfyzANATfsw8HODaBPt+xS0N8vTbDd65DMD4wITAJBgUrDgMCGgUABBRSD5aizmHO8evCQh/uv/5/49kXEgQUPfN4JS0z7prJNy7Fzhr7TwaG5K4CAwGGoA== - CLOUDHSM_IP: ((cluster.cloudHsmIp)) - run: - path: /bin/bash - args: - - -euc - - | - echo "preparing keyring..." - echo "${CLUSTER_PUBLIC_KEY}" > key - gpg --import key - gpg --export > ~/.gnupg/pubring.gpg - echo "verifying package" - helm verify ./release/*.tgz - echo "rendering chart with release name '${RELEASE_NAME}' and namespace '${RELEASE_NAMESPACE}'..." - helm template \ - --name "${RELEASE_NAME}" \ - --namespace "${RELEASE_NAMESPACE}" \ - --set "global.cluster.name=${CLUSTER_NAME}" \ - --set "global.cluster.domain=${CLUSTER_DOMAIN}" \ - --set "global.cloudHsm.ip=${CLOUDHSM_IP}" \ - --set "hubFqdn=${HUB_FQDN}" \ - --set "gateway.errorPageURL=${ERROR_PAGE_URL}" \ - --set "connector.entityID=${CONNECTOR_ENTITY_ID}" \ - --set "connector.metadata.fqdn=${CONNECTOR_METADATA_FQDN}" \ - --set "connector.metadata.path=${CONNECTOR_METADATA_PATH}" \ - --set "connector.metadataSigningTruststoreBase64=${CONNECTOR_METADATA_SIGNING_TRUSTSTORE_BASE64}" \ - --set "translator.connectorNodeNationalityCode=${CONNECTOR_NODE_NATIONALITY_CODE}" \ - --output-dir "./manifests/" \ - ./release/*.tgz - - - task: deploy-manifests - timeout: 10m - config: - platform: linux - image_resource: *task_toolbox - inputs: - - name: manifests - params: - KUBERNETES_SERVICE_ACCOUNT: ((namespace-deployer)) - KUBERNETES_TOKEN: ((namespace-deployer.token)) - KUBERNETES_API: kubernetes.default.svc - RELEASE_NAMESPACE: ((namespace-deployer.namespace)) - RELEASE_NAME: it - APP_NAME: proxy-node - run: - path: /bin/bash - args: - - -euc - - | - echo "configuring kubectl" - echo "${KUBERNETES_SERVICE_ACCOUNT}" | jq -r .["ca.crt"] > ca.crt - kubectl config set-cluster self --server=https://kubernetes.default --certificate-authority=ca.crt - kubectl config set-credentials deployer --token "${KUBERNETES_TOKEN}" - kubectl config set-context deployer --user deployer --cluster self - kubectl config use-context deployer - - echo "applying chart to ${RELEASE_NAMESPACE} namespace..." - kapp deploy \ - -y \ - --namespace "${RELEASE_NAMESPACE}" \ - --allow-ns "${RELEASE_NAMESPACE}" \ - --app "${RELEASE_NAME}-${APP_NAME}" \ - --diff-changes \ - -f ./manifests/ - - - name: deploy-mt-production - serial: true - plan: - - - get: release - trigger: true - - - get: nightly - trigger: true - - - task: render-manifests - config: - platform: linux - image_resource: *task_toolbox - inputs: - - name: release - outputs: - - name: manifests - params: - CLUSTER_NAME: ((cluster.name)) - CLUSTER_DOMAIN: ((cluster.domain)) - CLUSTER_PUBLIC_KEY: ((artefact-signing-key.publicKey)) - RELEASE_NAMESPACE: ((namespace-deployer.namespace)) - RELEASE_NAME: mt - CONNECTOR_NODE_NATIONALITY_CODE: MT - CONNECTOR_ENTITY_ID: https://mteidasnode.gov.mt/EidasNode/ConnectorMetadata - CONNECTOR_METADATA_FQDN: mteidasnode.gov.mt - CONNECTOR_METADATA_PATH: /EidasNode/ConnectorMetadata - CONNECTOR_METADATA_SIGNING_TRUSTSTORE_BASE64: MIIGPgIBAzCCBfcGCSqGSIb3DQEHAaCCBegEggXkMIIF4DCCBdwGCSqGSIb3DQEHBqCCBc0wggXJAgEAMIIFwgYJKoZIhvcNAQcBMCkGCiqGSIb3DQEMAQYwGwQUPo2ivREHSjikUYxEYnZaU7cetgQCAwDDUICCBYi3H7tXjjn2VmxeyGtCfdCJQfhO+QTIM8lZaStikQ4tFCiErrs4aU5Qlsf3qm0bXKf816cNIAFx1DcT+M+OPmVS/VZF/UFfXN3tk6cL+9zpzudLhpQI2VPO7fz0RYel53hwGZA0KB7mkorUi77qDD8dCQ8zhs20LIJXCyRUtStJX1fuuGnyy0H9ewMtLAdM7yBxAwbKvUkTFWmVc9OcTzcO2a2rZsaB0rE/bNKrncvSjeFEaXu9dIigD03o38jTwpwlKqKmaqZb+i7K3tYCI1lfJcRGoXZ+RVVItjG39FTxghEPjBF8rqdfhIbG52bl6aaqYaRyAduilB25n+WM5J7fbrFbiChh5QkdlXjN1EA9UYUt8yhwgkMyLkYoN3k/WvLmVINzCFfiMJrg08JQOfWWWi1L9rBwrqW/y+nRAKy8AHE20dE/O3LqkEk1A9vOF9tiV3Jlv+ShYQuNvJQq2oe3Hvfkr/ixR8EkLjzHMnkSQ9Bm+4Parv/1iTBSIxyKZTmn5RbSij833+o55MTlFXPOG1gel7n8u2/0YtVItNumbauyX+lm6106hejPvZs0gkwSGgB/tkJ8rE7GTzMe8BteNRLPYt3DYs+eM8vNeGAxQX1OQQinuliZ/dGxZt+Yo480fArNAK21BJrjvQ5wuwKhIzzRa5wycwmdHYX56qSXTgMpVHFnx15WGkAjjNvUGs3mIHrl6zZFVRlDRZgutSHJAeaFn5r/Yt6I8FDTZD7mLsBGdXxmtBgTHs7NyseE3dL+3za4VXIWxU5q6f5kSNVpZkn7geo/OZsyFNZhIoy36jR7pzWbR976piBFj21P7j0Tfny1fHsZ61CzK67Fc9aV4TrPupm4TkB7kHhUp2Fspjz2gWApDmeRQLpWBukTrY4AhRu20C48+hRZjyt5jVLB9GMYGqVBdjdtBnaraGkwmfKoQEb03hR+H3lpcpfqgZEj+SdBNY1jLwvJRvS7JtEcmUEhDonEHGwdehXo3RxnXw7HJBsl8agEW5/YmHgnEBEzh+v7aqLylmYCpxBCBVtXJJT7rnts6iDupJg+gbEp0cjqbayRE6bKjLvxGtlm8dB6Q/X3UCdpdNHJTw0q4sLVkbvmY2396UNxlK1wFHUIKvLXyrHSYZkKMzmWNEYv9F5/cBGUHhMrkrAV7XwTH2i/xcdb2IkeRCU1sjWMod+ybsCWU3SE2xH1xkVhIyxLFKYHCjJGjTX0S35kgAVSdblSmNjBBFcbAOTQhtdvNOJWRRb9mAukDDzasiAiHm23PEg0yGBw9wKo09qxe/nTF+1QuFXSlmNovunXXhutAjEjiW2NwWZpgJcdksRyJlQQ1M0i4Xt8qTzw9BYis9xSbFTnbGqJyR+QJBRxhyOaiH2GnLq92c5xJfDzTD1EbKdt5tidh+4KX7/esSRtl8866RTkcv22XUkUpNuNJPFd6QkBzIKqzkcS9MWF8+xvZ7Nqk0NxAeWFG+i/Vd8N3bBbuRkV++KARFadeciGakar8Ihyge57EJyiYVI1jOtJKJ128np2dIf/Cqz1yRCJfDqVKLzVZBkxVqbZ8/Y5K/Dq3q5USZbGaCmz+qx+siFTKOaHXLJNzCwqNKATlAO1rGQ1qJH+Q/GeFL/KxAafcDl8JL/p+RY2Xs3ahK8tYbao4+okK24m/P5ZXISBXK2cqkW0l7ArYGdTTS5lbYceSl833iXDnE6Ke8QPr3AvgML5fyeQ4dGAHpUyhtVBvQoqH5wgMQUXcfvvkuLlGxlLI/Dnm2afiM6vY5rf8C0E+mrL03mmZah9rQ4gHpYeIpjqWuz+W5bYgHOwZCjrObz+Y5AMNMVml1G14uUxRh6zksqKO0bfFgZOI+jsQ7vthZdDvfNUR0AAueWLpahoiLIwPjAhMAkGBSsOAwIaBQAEFB9bhNGQowW4tLwch50pWEOFMEw0BBTxmzBPNbsAPPg+si235PUMi75U+QIDAYag - CLOUDHSM_IP: ((cluster.cloudHsmIp)) - run: - path: /bin/bash - args: - - -euc - - | - echo "preparing keyring..." - echo "${CLUSTER_PUBLIC_KEY}" > key - gpg --import key - gpg --export > ~/.gnupg/pubring.gpg - echo "verifying package" - helm verify ./release/*.tgz - echo "rendering chart with release name '${RELEASE_NAME}' and namespace '${RELEASE_NAMESPACE}'..." - helm template \ - --name "${RELEASE_NAME}" \ - --namespace "${RELEASE_NAMESPACE}" \ - --set "global.cluster.name=${CLUSTER_NAME}" \ - --set "global.cluster.domain=${CLUSTER_DOMAIN}" \ - --set "global.cloudHsm.ip=${CLOUDHSM_IP}" \ - --set "connector.entityID=${CONNECTOR_ENTITY_ID}" \ - --set "connector.metadata.fqdn=${CONNECTOR_METADATA_FQDN}" \ - --set "connector.metadata.path=${CONNECTOR_METADATA_PATH}" \ - --set "connector.metadataSigningTruststoreBase64=${CONNECTOR_METADATA_SIGNING_TRUSTSTORE_BASE64}" \ - --set "translator.connectorNodeNationalityCode=${CONNECTOR_NODE_NATIONALITY_CODE}" \ - --output-dir "./manifests/" \ - ./release/*.tgz - - - task: deploy-manifests - timeout: 10m - config: - platform: linux - image_resource: *task_toolbox - inputs: - - name: manifests - params: - KUBERNETES_SERVICE_ACCOUNT: ((namespace-deployer)) - KUBERNETES_TOKEN: ((namespace-deployer.token)) - KUBERNETES_API: kubernetes.default.svc - RELEASE_NAMESPACE: ((namespace-deployer.namespace)) - RELEASE_NAME: mt - APP_NAME: proxy-node - run: - path: /bin/bash - args: - - -euc - - | - echo "configuring kubectl" - echo "${KUBERNETES_SERVICE_ACCOUNT}" | jq -r .["ca.crt"] > ca.crt - kubectl config set-cluster self --server=https://kubernetes.default --certificate-authority=ca.crt - kubectl config set-credentials deployer --token "${KUBERNETES_TOKEN}" - kubectl config set-context deployer --user deployer --cluster self - kubectl config use-context deployer - - echo "applying chart to ${RELEASE_NAMESPACE} namespace..." - kapp deploy \ - -y \ - --namespace "${RELEASE_NAMESPACE}" \ - --allow-ns "${RELEASE_NAMESPACE}" \ - --app "${RELEASE_NAME}-${APP_NAME}" \ - --diff-changes \ - -f ./manifests/ + -f ./manifests/ \ No newline at end of file From 35fe94c077c32b25094957b0b38f66072a9781e7 Mon Sep 17 00:00:00 2001 From: Phil Miller Date: Tue, 13 Oct 2020 15:33:09 +0100 Subject: [PATCH 2/4] BAU remove SE, DK, IT, MT, HMRC from single country proxy node in integration --- ci/integration/deploy-pipeline.yaml | 550 ---------------------------- 1 file changed, 550 deletions(-) diff --git a/ci/integration/deploy-pipeline.yaml b/ci/integration/deploy-pipeline.yaml index be2507699..272de0408 100644 --- a/ci/integration/deploy-pipeline.yaml +++ b/ci/integration/deploy-pipeline.yaml @@ -51,98 +51,6 @@ spec: jobs: - - name: deploy-dk-integration - serial: true - plan: - - - get: release - trigger: true - - - get: daily - trigger: true - - - task: render-manifests - config: - platform: linux - image_resource: *task_toolbox - inputs: - - name: release - outputs: - - name: manifests - params: - CLUSTER_NAME: ((cluster.name)) - CLUSTER_DOMAIN: ((cluster.domain)) - CLUSTER_PUBLIC_KEY: ((artefact-signing-key.publicKey)) - RELEASE_NAMESPACE: ((namespace-deployer.namespace)) - RELEASE_NAME: dk-integration - CONNECTOR_NODE_NATIONALITY_CODE: DK - CONNECTOR_ENTITY_ID: https://eidasconnector.test.eid.digst.dk/Metadata - CONNECTOR_METADATA_FQDN: eidasconnector.test.eid.digst.dk - CONNECTOR_METADATA_PATH: /Metadata - CONNECTOR_METADATA_SIGNING_TRUSTSTORE_BASE64: MIIGngIBAzCCBlcGCSqGSIb3DQEHAaCCBkgEggZEMIIGQDCCBjwGCSqGSIb3DQEHBqCCBi0wggYpAgEAMIIGIgYJKoZIhvcNAQcBMCkGCiqGSIb3DQEMAQYwGwQU0qcpN+TZE+TnZHXW1HNxoAqdCF4CAwDDUICCBehmzOyXzrf2j5zDHnugcGv5JuBi7pLTHL0yYzTMKH8zN7neQF0GpryONhKQ8oPvUNaatL66tc5UI1h4/6xIpHue/c0B03s3d6lGms5TA/dTBu8WwZJDD7bfa5qAr9JKF5YeqXyJQUrZKMKxLiRfWmIS3beKvA8bhLAnaOF3wdAp9s/EQ0p9VyWDwL1x3appRRADKmZ0Q5+Uyij3C9sInAqLYwD9DkDTMdWcWWKwLraVP47azVcASUmi4Ti4gldmRIzCk3BDrhtcQz7V0PSL6TGwbtTiq7rn0J4ekW7hQpwxEzOGpQ+pfsmn7nrl5e5QM/sNn3sneIcR6HioMFmu2HaDIh9i19g795oN4cb13sJRNOcE7tm08eDbuP2Exuyf4rasOJJ6U0RnDq23DSvWJsmyeKn48L8aJ/8A5VlC1+N6GZzrVIIvuYLnB14FtDnmJM+4exXHF6kB6eSBws/dlV3DRStgPyHgfGFAhAe4pGSlFsXQc03X9l0snEsoDA+KGCrJwUdp3jNfmbm1j/UjauG9oqQIJqYVkM5177LZ7NvfikTapOVNuAYYhOTkNt6+Rrgu8jGc8/0AxBQL/df1fdIue995BVLnKywj+uDce+jFbihrn3TScsRwvIExdLc9XxickMuVnax7ymuTBOp7Lo4qu+1+8VQ+zetgHRmK8U4aGhPOsvgH2HER9Zlp5IWcySCQw2WMKCZPDkJA8xbAANP0Nn+tj6HV/R2gEVs7XDBcyFkLxgNiEviMsoHNIZuUvtOaLZgtAF25ok9P0AIvzQVH6Ik0+Gxb6sWlQgH3ViAd4ijhyIlEjlXtr1WW3DfiXz+jUK+f3/T4Vj0kGfKy5hndjPzrYM1d/u60O0PZfAABpHtjoltMhb9O/60Cv6LhazjwmMjn6cE1RTSR6Blumf+HDs0N9uZB5pblu9mtXiVOSFPSZWn2jqbip8vP2fdjQSH/TgmZxTeU4HjUl2gIQW4aOVwAVW/6/uWXymrdGzFEognjATIoiIESkTBmuMBPaAlLMu9dv2Dqf/YtQiIhluMfJfL1FLCLaCkP4dONW2no5uBoQdgnA0sEI7wjUsImN84EUVj4s/At86d+ukhukPQBakChIlgS/yrwv9yPjPs/+GvMguqqjSQYmv8W4IBwhHMyE080tm4Bx6Og8zo7f5hd8xZRP3ilVd0Ta6cUqHCU/zNig+s7FqNds3GRCnnKy4QI42luYCM5IXMiWcfxWo7e7KqpzAgHAulIcsYBmEreljl4Dz0sAJJSn18KftQB3GiQ38AOrfe7u86Q/KYl/H57ClY9/S/3TLPws+jvo/VspIGBH5oPcrnlXaomxf7kHGrnAv14ZOCFnmBsDqnPQJpYNMdAB5Niqc6I6i4/uyBE+uke1Y9qx1PqrDhkQ7CurXY3RtFKPQI4hu2ihHxx+mA8CBb8RAdEU7DVK0x/Ara0GmCtlE7wzODenqd0iTcDbA6NYX39UO+Imtd7Ya2nfdrhuIRTWK07+m+ImVxkXU/u2s/OYzoiiyBL4oGOCr8oraW9QliSZ9Ce3afuqgtwzC/IhseA7d2XUM/Ko7UO8etGa89iXKKAYCGVRVQ4AeTfjnyvyNZkxtFFCYD9CIGyVsOegcYZC0r9f5EmGVXfY1uVX/bVRRCLiM75H1kJQtv0fcRU3FHeuSojUl1b6sRy1HNWbfQ5/jO/gcqfSpls/GLA6e+oDZZ02kuG9r65oZ7bqJwdfT+O3djDgbsE0mGAep4MPs6f/pV11KoyowA6t+puu4YrgmqSHbtMXYV3GljV2aFatkFIoO/sG0y0xZ26cCXcX44WSPd303ZJEgiv4XeRex40BcbWO0JqFG1n3zBULfChbkSiQWgc+KXyfE++bZrhrewXMvQt9IdziefqrR6xC7mo4PiuOmafJTHm5voyU5XnMmQB0Kp8FcjSjTy0Xqh5MIJ2dUHpGMauPYcBF4AJ+EtSqKlVwu/M0/VGBywddHs6KEN6ygAKG7oryCINBp0dNh7lvqqAjfowPjAhMAkGBSsOAwIaBQAEFGUR//69AWrUjlNeCVM21oZdtvVDBBQC1i6wRmvel+rPiOpxw2MZ1HAV9AIDAYag - CLOUDHSM_IP: ((cluster.cloudHsmIp)) - run: - path: /bin/bash - args: - - -euc - - | - echo "preparing keyring..." - echo "${CLUSTER_PUBLIC_KEY}" > key - gpg --import key - gpg --export > ~/.gnupg/pubring.gpg - echo "verifying package" - helm verify ./release/*.tgz - echo "rendering chart with release name '${RELEASE_NAME}' and namespace '${RELEASE_NAMESPACE}'..." - helm template \ - --name "${RELEASE_NAME}" \ - --namespace "${RELEASE_NAMESPACE}" \ - --set "global.cluster.name=${CLUSTER_NAME}" \ - --set "global.cluster.domain=${CLUSTER_DOMAIN}" \ - --set "global.cloudHsm.ip=${CLOUDHSM_IP}" \ - --set "connector.entityID=${CONNECTOR_ENTITY_ID}" \ - --set "connector.metadata.fqdn=${CONNECTOR_METADATA_FQDN}" \ - --set "connector.metadata.path=${CONNECTOR_METADATA_PATH}" \ - --set "connector.metadataSigningTruststoreBase64=${CONNECTOR_METADATA_SIGNING_TRUSTSTORE_BASE64}" \ - --set "translator.connectorNodeNationalityCode=${CONNECTOR_NODE_NATIONALITY_CODE}" \ - --output-dir "./manifests/" \ - ./release/*.tgz - - - task: deploy-manifests - timeout: 10m - config: - platform: linux - image_resource: *task_toolbox - inputs: - - name: manifests - params: - KUBERNETES_SERVICE_ACCOUNT: ((namespace-deployer)) - KUBERNETES_TOKEN: ((namespace-deployer.token)) - KUBERNETES_API: kubernetes.default.svc - RELEASE_NAMESPACE: ((namespace-deployer.namespace)) - RELEASE_NAME: dk-integration - APP_NAME: proxy-node - run: - path: /bin/bash - args: - - -euc - - | - echo "configuring kubectl" - echo "${KUBERNETES_SERVICE_ACCOUNT}" | jq -r .["ca.crt"] > ca.crt - kubectl config set-cluster self --server=https://kubernetes.default --certificate-authority=ca.crt - kubectl config set-credentials deployer --token "${KUBERNETES_TOKEN}" - kubectl config set-context deployer --user deployer --cluster self - kubectl config use-context deployer - - echo "applying chart to ${RELEASE_NAMESPACE} namespace..." - kapp deploy \ - -y \ - --namespace "${RELEASE_NAMESPACE}" \ - --allow-ns "${RELEASE_NAMESPACE}" \ - --app "${RELEASE_NAME}-${APP_NAME}" \ - --diff-changes \ - -f ./manifests/ - - - name: deploy-nl-integration serial: true plan: @@ -234,279 +142,6 @@ spec: --diff-changes \ -f ./manifests/ - - name: deploy-se-integration - serial: true - plan: - - - get: release - trigger: true - - - get: daily - trigger: true - - - task: render-manifests - config: - platform: linux - image_resource: *task_toolbox - inputs: - - name: release - outputs: - - name: manifests - params: - CLUSTER_NAME: ((cluster.name)) - CLUSTER_DOMAIN: ((cluster.domain)) - CLUSTER_PUBLIC_KEY: ((artefact-signing-key.publicKey)) - RELEASE_NAMESPACE: ((namespace-deployer.namespace)) - RELEASE_NAME: se-integration - CONNECTOR_NODE_NATIONALITY_CODE: SE - CONNECTOR_ENTITY_ID: https://qa.connector.eidas.swedenconnect.se/idp/metadata/sp - CONNECTOR_METADATA_FQDN: qa.connector.eidas.swedenconnect.se - CONNECTOR_METADATA_PATH: /idp/metadata/sp - CONNECTOR_METADATA_SIGNING_TRUSTSTORE_BASE64: MIIGXgIBAzCCBhcGCSqGSIb3DQEHAaCCBggEggYEMIIGADCCBfwGCSqGSIb3DQEHBqCCBe0wggXpAgEAMIIF4gYJKoZIhvcNAQcBMCkGCiqGSIb3DQEMAQYwGwQU0yoaBA/k0XSubaX3s1AfylKQw8QCAwDDUICCBahoTSw5pcy20SWr34/9qEsNIZYMHCbugc/fyQ3px1AUwtIvT9IimQ22B88erdtTVUGWH0sQYhOposNMVy/fOaByIlwAElmsOnBzItU+JDJncemUbBIHb9//hbEpRYsDraY1H0z5akHxreqJ7chK36LkblZxoKj5CbbScFFkHHUFCtLLl1FOxtaWtAWIFQM+aX9xZaZIOaQgqlHXUYHj2nbgp3NUJ0sKTRi4D22660L+v1hFg2PHpGarNLNgfmFSrHDxhM6SIL0va/k1ICa2Szpq7OGqLb8LAy2OQsXu47zG0syntDMD4VN7roqdHxVfKxDGqxmlItC7LfY/4KWspMSr+Pgpdc4qKb18Vg0sDvyxJ/BNt47n874Okot2opY3Si+qp5OPrNrX3dkcFNW8WyntX+MEdg24J1FxEoKRC8l+ORtRdrLtcieMh8eM6oC23GU9ERZmgigcmLzvt0IEUzXSTNydX2KAtJmPkX1c8rAP3eGxJc8YfJArtCUuRvHGIrUZJw39X01D+KmY8XpdNayy4eRgMxypY9/WIxU7F4fVXv5QBkwEBkPbT0tPRfglZG/V7AWFv4zYFlR38eYuRunH6PwiIrU7vKIFWBl4Pvpp7hi59gEpk7YuRswjJEyXxItxCL3aGef2qCJyXBWvRlKxfq7xztiPKLh4qjf2oVY0PiZr7IYdP2RhkFSLZ5X12Tvjq8tk52PcnFUAj3Cs4olHipqsFb+nd/qvbsoN2tNI0M5eFjkM7dReP/iHqJpb+Ov4IddrDae1/JoQl3lVJmEIEm+X0BU0UEcKWjY6qY7TSwVBobXDXHlejEq0+9mM+UE7zT3eOKhR8XYDrJSBI1jzB/iWcyUMfCaNGRLZ5mOVB+D7rjwVI61d6I+VEDFo60o5tSyhPiop9aswGaKkevcu4+i2n4upTiY0CKHjByBO7fdOxWz1skcLOkTlR74b5bKtgC4VzKS4Ox0YMUPo6uMOQP/fjYmlOGapYJcB9bAiizqIQ6brfrfrocvysuJ4is0VgQjq2ssVLO/ej5IV/R9Zt8tJCrRIEX/Lg/M71nuPkCQYIYCmI/ILjRlqKiRnFzTAskg5kLnAgTla1Qe0fTcV6xPuwfh+NJaDC7E1O2UIPtRskv53jMIolbzgQFqOrs43MsVA2FtjoHvJ2QUzlJ3xC34XtMTAvT2qwVUlwlwHQIii93coIuN1SJYhXuCaRGMz9buGPDbL4p80qtoCpd4vkGhsfuaS0u7GF54NPiLBo9EltL/80SCFE8aTtvIx8EEOKomFlzTB4XzIztgMH8lRsb/VH3VtGmUNUJllDSqGM634UKxsu+CKM+vqHQzruB6xJixfRnHczcz0m0jJ2f6ougxsaWGNam/ZablMiTsTuATAlgg30JPgHv+Eb0/57V/PmcoU7VzTuGSdaQkXqiDDpP52Y0/O2IKxCIL5Y9qPT8yGQ4G9m4QiPCH4z4T2KLIPUWP4aui54t6pCYlAy4lB7u/nnvLnJy+IVK31Eh40RywUssZGcvD+U+Qlco0FKp1SJBXG1gluIT1tkN4exp2oAEjGPKlZ3TzrGH3vtaWt5Jn7geBk0sCxi305artG/XbucAyG7y5P7xIOp39GXyhiGkQYa0aN8nNVcIBPoxAG2FpS/9IY6wUIf/Nl1VW8etGIP+zcrgNWb1Noqp8xcsR9H/DMydBuQOrQL6AY7r+as8srxIjk/s8IhmEvPBkA/u8g7/+giZeBH3q6hzIofzLW2GlPkpUUP2W9EEy0Qsc6wIKTyslgoA7l80qyYsQnRG/MbOvPKtrPoxHFbUK0DhV+VL0fkW83Ap+Pl8ltsco+cDVtyc5dkHJ7iEJFDHsxcKEdEgtHNFSldwWreDJcfpOxZ/Sq0fX8IB+Pb0PWzyf+YW6FBDbe3qRG0OdRJA2NkBm/nZDA2EtIljA+MCEwCQYFKw4DAhoFAAQUa9iuRrSYbpGKdgU7kS75zKzAcykEFBNoEirLMABWqhnxMbnwiG9Q5HsKAgMBhqA= - CLOUDHSM_IP: ((cluster.cloudHsmIp)) - run: - path: /bin/bash - args: - - -euc - - | - echo "preparing keyring..." - echo "${CLUSTER_PUBLIC_KEY}" > key - gpg --import key - gpg --export > ~/.gnupg/pubring.gpg - echo "verifying package" - helm verify ./release/*.tgz - echo "rendering chart with release name '${RELEASE_NAME}' and namespace '${RELEASE_NAMESPACE}'..." - helm template \ - --name "${RELEASE_NAME}" \ - --namespace "${RELEASE_NAMESPACE}" \ - --set "global.cluster.name=${CLUSTER_NAME}" \ - --set "global.cluster.domain=${CLUSTER_DOMAIN}" \ - --set "global.cloudHsm.ip=${CLOUDHSM_IP}" \ - --set "connector.entityID=${CONNECTOR_ENTITY_ID}" \ - --set "connector.metadata.fqdn=${CONNECTOR_METADATA_FQDN}" \ - --set "connector.metadata.path=${CONNECTOR_METADATA_PATH}" \ - --set "connector.metadataSigningTruststoreBase64=${CONNECTOR_METADATA_SIGNING_TRUSTSTORE_BASE64}" \ - --set "translator.connectorNodeNationalityCode=${CONNECTOR_NODE_NATIONALITY_CODE}" \ - --output-dir "./manifests/" \ - ./release/*.tgz - - - task: deploy-manifests - timeout: 10m - config: - platform: linux - image_resource: *task_toolbox - inputs: - - name: manifests - params: - KUBERNETES_SERVICE_ACCOUNT: ((namespace-deployer)) - KUBERNETES_TOKEN: ((namespace-deployer.token)) - KUBERNETES_API: kubernetes.default.svc - RELEASE_NAMESPACE: ((namespace-deployer.namespace)) - RELEASE_NAME: se-integration - APP_NAME: proxy-node - run: - path: /bin/bash - args: - - -euc - - | - echo "configuring kubectl" - echo "${KUBERNETES_SERVICE_ACCOUNT}" | jq -r .["ca.crt"] > ca.crt - kubectl config set-cluster self --server=https://kubernetes.default --certificate-authority=ca.crt - kubectl config set-credentials deployer --token "${KUBERNETES_TOKEN}" - kubectl config set-context deployer --user deployer --cluster self - kubectl config use-context deployer - - echo "applying chart to ${RELEASE_NAMESPACE} namespace..." - kapp deploy \ - -y \ - --namespace "${RELEASE_NAMESPACE}" \ - --allow-ns "${RELEASE_NAMESPACE}" \ - --app "${RELEASE_NAME}-${APP_NAME}" \ - --diff-changes \ - -f ./manifests/ - - - name: deploy-cz-integration - serial: true - plan: - - - get: release - trigger: true - - - get: daily - trigger: true - - - task: render-manifests - config: - platform: linux - image_resource: *task_toolbox - inputs: - - name: release - outputs: - - name: manifests - params: - CLUSTER_NAME: ((cluster.name)) - CLUSTER_DOMAIN: ((cluster.domain)) - CLUSTER_PUBLIC_KEY: ((artefact-signing-key.publicKey)) - RELEASE_NAMESPACE: ((namespace-deployer.namespace)) - RELEASE_NAME: cz-integration - CONNECTOR_NODE_NATIONALITY_CODE: CZ - CONNECTOR_ENTITY_ID: https://conn.dev.eidasnode.cz/EidasNode/ConnectorMetadata - CONNECTOR_METADATA_FQDN: conn.dev.eidasnode.cz - CONNECTOR_METADATA_PATH: /EidasNode/ConnectorMetadata - CONNECTOR_METADATA_SIGNING_TRUSTSTORE_BASE64: MIIDvgIBAzCCA3cGCSqGSIb3DQEHAaCCA2gEggNkMIIDYDCCA1wGCSqGSIb3DQEHBqCCA00wggNJAgEAMIIDQgYJKoZIhvcNAQcBMCkGCiqGSIb3DQEMAQYwGwQUtEBxkJF5nQodITN8RMG0SZZySZMCAwDDUICCAwgxpPO5+psYMsSUd2od5jkna9gy/gwbUh7oeJbGUJSPRYdVtpY/+2b+nAX75dLf07AXkXweSWfWV1nhCBg3PvHEFi+BtrULM+xeQ91Oe5w768LMgsQxq/oTkZ25iP6PldCC6ElJckcH+cxsuziUjrt3WMkdx9PrFqZHBRRH5OYQi25Q/A6yiXg823tsyCQEOLJk5omZvtRPjfKRLaGmBhd37nrMy/texLJfR7xpj2BVuv/0Jl4PwijPBvXbT7DE28x3WSI5JL3MeouZT4oklKzRPx2U4SyhIG1B7leYIoaC/Cp3G3i5XiqwdnaXFr0SwKbhZCBk32S2I6gTQpCWaypv8+LilwtTWDiG83OYYOkDArP4+23RkUgu40Dz8K4cyGibH9CS2i619GGPOXc+/za5s2AE0hYvZGWZUdxKJcCxmbaDFpDP+KJvtnGKtCKv0tigwUtHzI0Ydh8in6Qp/osnO3aMjRTxdfRD4ynQA2C8+gxcjTzZSrzQpsSBFE/+BXL6G1AUqNPCpAWMb4n0U9P9LXz1FD2zhz6PgtUjglIXPvK+IeuAoiwYYSlRBtItazsMsWBjBqqMGKt3f4YCasxFg/2hTrkNhb13QhYlkusAFSMfR5SG5BTYZ53uAZOBnZD4ToKf3yCLqsm05PV9NexyPbUhAGuX/AJ7cILM0Exlaa+TozjV6wQAKzDMfnRcFicYsLQg9ebRa67Azdg4QYBd2CCDwMKu3bmFGFmP38BOr7LOBhkp5QK/P4U5ZY5b9bTu4QKGr7M7ZidChUlqq4Zf8fik6TD5fj1gn8o2ULHmsxiwCkPq/ukQJqjEoKIRxYIgZmE9NwqVWz0ALNULmOLceVjd2iadjgPST05AMcsEUKbz0Z4wmJu7o9ligPXKaybKcnJW93mAzJQbKg9ZxZiqwZgkTx+BWWnpf8FDKPyMxlljlw8e/dMvgkPSXkr01wm0pQqQ5oxPHTYSJsyVPK1T2XjBMyp+mAi1ZhAracB27PfGN88Tsdg2Md1LnB7zcyRXRIiayOZFnDA+MCEwCQYFKw4DAhoFAAQUG0IyxZ29L0sOyOu0K9E3T5yBXAAEFPpJ9er/sYynQAmGFCOUOrjKOKfhAgMBhqA= - CLOUDHSM_IP: ((cluster.cloudHsmIp)) - run: - path: /bin/bash - args: - - -euc - - | - echo "preparing keyring..." - echo "${CLUSTER_PUBLIC_KEY}" > key - gpg --import key - gpg --export > ~/.gnupg/pubring.gpg - echo "verifying package" - helm verify ./release/*.tgz - echo "rendering chart with release name '${RELEASE_NAME}' and namespace '${RELEASE_NAMESPACE}'..." - helm template \ - --name "${RELEASE_NAME}" \ - --namespace "${RELEASE_NAMESPACE}" \ - --set "global.cluster.name=${CLUSTER_NAME}" \ - --set "global.cluster.domain=${CLUSTER_DOMAIN}" \ - --set "global.cloudHsm.ip=${CLOUDHSM_IP}" \ - --set "connector.entityID=${CONNECTOR_ENTITY_ID}" \ - --set "connector.metadata.fqdn=${CONNECTOR_METADATA_FQDN}" \ - --set "connector.metadata.path=${CONNECTOR_METADATA_PATH}" \ - --set "connector.metadataSigningTruststoreBase64=${CONNECTOR_METADATA_SIGNING_TRUSTSTORE_BASE64}" \ - --set "translator.connectorNodeNationalityCode=${CONNECTOR_NODE_NATIONALITY_CODE}" \ - --output-dir "./manifests/" \ - ./release/*.tgz - - - task: deploy-manifests - timeout: 10m - config: - platform: linux - image_resource: *task_toolbox - inputs: - - name: manifests - params: - KUBERNETES_SERVICE_ACCOUNT: ((namespace-deployer)) - KUBERNETES_TOKEN: ((namespace-deployer.token)) - KUBERNETES_API: kubernetes.default.svc - RELEASE_NAMESPACE: ((namespace-deployer.namespace)) - RELEASE_NAME: cz-integration - APP_NAME: proxy-node - run: - path: /bin/bash - args: - - -euc - - | - echo "configuring kubectl" - echo "${KUBERNETES_SERVICE_ACCOUNT}" | jq -r .["ca.crt"] > ca.crt - kubectl config set-cluster self --server=https://kubernetes.default --certificate-authority=ca.crt - kubectl config set-credentials deployer --token "${KUBERNETES_TOKEN}" - kubectl config set-context deployer --user deployer --cluster self - kubectl config use-context deployer - - echo "applying chart to ${RELEASE_NAMESPACE} namespace..." - kapp deploy \ - -y \ - --namespace "${RELEASE_NAMESPACE}" \ - --allow-ns "${RELEASE_NAMESPACE}" \ - --app "${RELEASE_NAME}-${APP_NAME}" \ - --diff-changes \ - -f ./manifests/ - - - name: deploy-it-integration - serial: true - plan: - - - get: release - trigger: true - - - get: daily - trigger: true - - - task: render-manifests - config: - platform: linux - image_resource: *task_toolbox - inputs: - - name: release - outputs: - - name: manifests - params: - CLUSTER_NAME: ((cluster.name)) - CLUSTER_DOMAIN: ((cluster.domain)) - CLUSTER_PUBLIC_KEY: ((artefact-signing-key.publicKey)) - RELEASE_NAMESPACE: ((namespace-deployer.namespace)) - RELEASE_NAME: it-integration - CONNECTOR_NODE_NATIONALITY_CODE: IT - CONNECTOR_ENTITY_ID: https://connector.pre.eid.gov.it/EidasNode/ConnectorMetadata - CONNECTOR_METADATA_FQDN: connector.pre.eid.gov.it - CONNECTOR_METADATA_PATH: /EidasNode/ConnectorMetadata - CONNECTOR_METADATA_SIGNING_TRUSTSTORE_BASE64: MIIFlgIBAzCCBU8GCSqGSIb3DQEHAaCCBUAEggU8MIIFODCCBTQGCSqGSIb3DQEHBqCCBSUwggUhAgEAMIIFGgYJKoZIhvcNAQcBMCkGCiqGSIb3DQEMAQYwGwQUsgaqXrNnmO1JA8dZ9+fTipn3yngCAwDDUICCBOBwArUVyBPKEH232lZD4z3a08MvPF70G1rfg2dT7/33afUybZ1bDxHknNa5NETVaEd/LZLOEPDcJEsrz3z4lXe++WV356W4/EuMHPZziWLQkI3XKZHVPpDqIO9feAdKUW0wdQewF2FlTo0o3Xc63qcz9fLZM4DiuHDplSUBLztBRhiJnPzZStUwh62FTrJr1apxLMrcC3XHS4BIL20i51jcv6LYDS1VyWu1TeNkmf9BFM27tEynqXABwXXoNxuMuGggp9nSITc6H6J0fJa13Zp1gnyUgk57/F+/r5Afim/QG8yPleJZxlwQ2np3pfC1cXNk2THPmynF6V0JLa9NWqUzE/1Ocy5bgrNrGTvvTya0mNqnOtEJZdVPRk9YIp/F/iZYjSA9EKKSoK/d1jDPagU7Y9iNqsc2duAhQPMbHA2HcLfnUcNyxGCtQWt+Htu1EAK+fKWDAMsMRQpOKFo34/t+rlH1onwNX16oqIsLUWJrRo36isg3xXAQSYL0QazsBJpTxcUSwIVplIdv7aSbSlPw8iKcpn2ksQe6e4jZvN2rZ45LfDOdinojlPiTcy804hW6KMkQ2VNadfWFoKyj9GZ/kbMvHqrgH8IwVLInhPtnXsP+6ALDJglshyKBgB/Z0T6iZqkPUIobxx4p35nGb4FcNxFLhRCQqBcK2OMXxoJGc3TJBnypNjgn9QOltXIUtOHgESlfBdYDWyKlPOYMY+3XBHAxlfAp2AeZosMQNsXhx1SWlxws+MsPdIUbUh+44rM/2TFvH6W1SP9kXGPW2bOih1M3eQ896v36Nx8FQbatv6567VTh4gxEt9XfuDprHvrax37wcYFcKEFJpnwE6kj4wIQyEXTwbKBe0X1SZU2hGbJqpgY3v7PHkwRJKBHVKbI6qQoVaivZMKS8R9+VglM5yrgMnNE9jkqqC9FYrrUC7A4Aq6RIKDpBx7etHjqqFhCf8TsQEYLhnLoUjK1jgIMzYWD7Vif64mWNl2udKBMoi1FX3SP8vfw08idwojn9MgZTGu4wJnk8ySIDGFL2536HedA7QwhNCukjWLqjbfpXWrR15K9uwj+ea/trgwKhUWzyD2qzj7q57k+9rujTdF7+Ywfq7FNmx+xNAP6CbsLPN/fYtdXH9buZMYzNOBfUFuI3RyGd9sE33rsb/dd/XWIArLicmCglVQJbRZs1WKhcJyAc90pJzcJy5U5L3vsO1/gkU0e0aVyKfclkdJJhnaUkKbSBVy6rhVe7KsUXC74NBCxwK0smBKtHSFqXU+Dx5SMgLYyOi0PWWpdbQ6V3Dih08nxOR5Lyg4gcPC1S4hzPdojC5PRU6IqdsE/0smUNW/DuHSXK0G/VuiRAehAE9tgsKpFOL8+INcE58r8SI6vBmwzVVh7MXP43UeL7v5WUhekndiX0Butvk3AvrJ009tm4KxQNn5XMy/rDLuMVUadlPKDW5pZQwBDAsIm620mmztaaCqnLWKq3JHsCGLvPQ8ziZmCRwTlz3DiqeoaNzWbnwlKr9y8HedARD2sNTHhrLQZLseZ+6SerUJYGUVPkre1rT3k7n01VHNRWEelOwL/c2cYe3zWAWCB69r1nqAQoCfDwSbnKpSnZY5KrLjbyizouEZU3fOaPuoiF4wRljVg9ZP8jW4faFcXlFmlsbovIZTowPjAhMAkGBSsOAwIaBQAEFIhm7rIYwXMOFhByZOZ9HFjwwdFXBBTgluTQjkKxcHxT1HEchPsMprSReQIDAYag - CLOUDHSM_IP: ((cluster.cloudHsmIp)) - run: - path: /bin/bash - args: - - -euc - - | - echo "preparing keyring..." - echo "${CLUSTER_PUBLIC_KEY}" > key - gpg --import key - gpg --export > ~/.gnupg/pubring.gpg - echo "verifying package" - helm verify ./release/*.tgz - echo "rendering chart with release name '${RELEASE_NAME}' and namespace '${RELEASE_NAMESPACE}'..." - helm template \ - --name "${RELEASE_NAME}" \ - --namespace "${RELEASE_NAMESPACE}" \ - --set "global.cluster.name=${CLUSTER_NAME}" \ - --set "global.cluster.domain=${CLUSTER_DOMAIN}" \ - --set "global.cloudHsm.ip=${CLOUDHSM_IP}" \ - --set "connector.entityID=${CONNECTOR_ENTITY_ID}" \ - --set "connector.metadata.fqdn=${CONNECTOR_METADATA_FQDN}" \ - --set "connector.metadata.path=${CONNECTOR_METADATA_PATH}" \ - --set "connector.metadataSigningTruststoreBase64=${CONNECTOR_METADATA_SIGNING_TRUSTSTORE_BASE64}" \ - --set "translator.connectorNodeNationalityCode=${CONNECTOR_NODE_NATIONALITY_CODE}" \ - --output-dir "./manifests/" \ - ./release/*.tgz - - - task: deploy-manifests - timeout: 10m - config: - platform: linux - image_resource: *task_toolbox - inputs: - - name: manifests - params: - KUBERNETES_SERVICE_ACCOUNT: ((namespace-deployer)) - KUBERNETES_TOKEN: ((namespace-deployer.token)) - KUBERNETES_API: kubernetes.default.svc - RELEASE_NAMESPACE: ((namespace-deployer.namespace)) - RELEASE_NAME: it-integration - APP_NAME: proxy-node - run: - path: /bin/bash - args: - - -euc - - | - echo "configuring kubectl" - echo "${KUBERNETES_SERVICE_ACCOUNT}" | jq -r .["ca.crt"] > ca.crt - kubectl config set-cluster self --server=https://kubernetes.default --certificate-authority=ca.crt - kubectl config set-credentials deployer --token "${KUBERNETES_TOKEN}" - kubectl config set-context deployer --user deployer --cluster self - kubectl config use-context deployer - - echo "applying chart to ${RELEASE_NAMESPACE} namespace..." - kapp deploy \ - -y \ - --namespace "${RELEASE_NAMESPACE}" \ - --allow-ns "${RELEASE_NAMESPACE}" \ - --app "${RELEASE_NAME}-${APP_NAME}" \ - --diff-changes \ - -f ./manifests/ - - name: deploy-test-integration serial: true plan: @@ -590,188 +225,3 @@ spec: -f ./manifests/ echo "deleting ${RELEASE_NAMESPACE} connector pod" kubectl -n ${RELEASE_NAMESPACE} delete pod -l app.kubernetes.io/name=connector - - - name: deploy-hmrc-integration - serial: true - plan: - - - get: release - trigger: true - - - get: daily - trigger: true - - - task: render-manifests - config: - platform: linux - image_resource: *task_toolbox - inputs: - - name: release - outputs: - - name: manifests - params: - CLUSTER_NAME: ((cluster.name)) - CLUSTER_DOMAIN: ((cluster.domain)) - CLUSTER_PUBLIC_KEY: ((artefact-signing-key.publicKey)) - RELEASE_NAMESPACE: ((namespace-deployer.namespace)) - RELEASE_NAME: hmrc-integration - CLOUDHSM_IP: ((cluster.cloudHsmIp)) - HUB_SSO_LOCATION: https://test-www.tax.service.gov.uk/uum/identity - HUB_METADATA_URL: https://test-www.tax.service.gov.uk/uum/metadata/ - HUB_ENTITY_ID: https://test-www.tax.service.gov.uk/uum/metadata/ - HUB_METADATA_TRUSTSTORE: MIIebgIBAzCCHicGCSqGSIb3DQEHAaCCHhgEgh4UMIIeEDCCHgwGCSqGSIb3DQEHBqCCHf0wgh35AgEAMIId8gYJKoZIhvcNAQcBMCkGCiqGSIb3DQEMAQYwGwQUrwpnWCzMwWrRZLyghD3vkmIGHiUCAwDDUICCHbgsOQFDAj8wUQ6mTghQcSeLqbsjgyOP5TuFuw4adqInMNJkNi2hBX/9MFtcTvMBDI1COFd5VdHhBaC/kUPsrD6KvULxhlM3RPTu8DyV0E9d8wwCBMrzdtjjexA5zJEY3/QfOG5kRW8xyPT5aFJVppUKkB8LVU82Akf3LGJq21Wn7ZNl0rXENwofrKBBQpe1NrSW4WdXgA4UP5o29ev3bPZyGoIms6Z0LQTz8fmcRVc7KzjI7xO4VJxQqf5PhdVJEIGBSM4EFi+1VYuDZZ//pQK9tSPegVCogh0WKJUmeZ6/er3AuGHB/rGbdq7U/ezlm+stCqDusHyQXF94KdRk4Js01yRuwtGYqeom4wZ79anszzQpOSdSP0EgZglwUV3nRllK/qMc2VeTgPERKfN1gBr4EJJMtkNU4SImn5KWzL8dbkmvJ8S3Fl3jDodOWlhq2g36QD5cfmALF+1yLkRRTaF/BWaytQPR8zH6EzAecjmGhpokc14ngFxdVU8VUPfvrHjvsW8Fs8aaOXiMxBTEGJJesvWQus6M3d/uuIfQRJbyhbME1l2NV8UvWdqPoF/8Ea9HpqLNlpez6xHVHEHyZqE85HmqvaPuE2ZFyhljwUYNqe2rB7dPjyBI4UKTHuHkOJAunb6efRMXaqkR5Vtc+knfwQjt+LTu7zTyhiMhzyMX7xK8warR6ak8XENyoyEpckk0nUbYUnoJezXhGSHgZfaIDqMUWH26HpWa7VkRjv3CVsH3m3Tj0XAFShZc16kVzHRCvlRPitU8AFIdBOstL+ZKUQI4jw7BpzaV6CZ1UIUnoTRAO4ZHObw6FUtWbUNYZqwkhHaa5M+kqn2w0hikQYj1ciuptWior38NQTHsyFVTFJxc7RhNEAT/O4AHw4I3iubnjIvFRC87LwIuWXCxNPfw5TBLfg2uhfhvQeZrSxh3oUb+ACCir2XFiznipiTq6mUX9SBZeJ/Hd/QuM3QRF7SCmh4OY3AwiQ9yMQ+WMhkg5AX0pD1rbc0jerXDn14qL1u58+ryIHoQbsyYsw2fMb8fpmlUwo8m7SPZypVNcxtqWv2J/igQ4pTFjj2R1DDVugLiYd6ZtC0yptxdjc9SHcFTvuFbvg8lMIA4mdE38w+sHKGV3H+RbzbxvHbz6sAORbNjFPNdZH7ihuroBFL6WaCFuy/9qgpQ59mHbrgTxC3qYFz/rOc7t4ZlUh8/LFhxDlrzYoJgjKNHL/oogNK3ipuEFDFpv+7FAoUrMF3M8g5gSF3jtlBO9jxj9Ou6karXYgyDco8cVaGBCx2ljNKES+oX5ZRiaoXQeXKyPln59BiRrt0uGWeO+xya9crkpwg5TcZb/23aeZeH/44h+qOnkIHnMLVLIlid+BISbe9E4tK0r0NdAjkxnf2oo/DmBAbfWu+jHKeeCq7Ntxens8sGQw0rZIFclEWX0Ep/KW4dS6suyY21/HwqzCvSVA1NzZweG+lpLbBIaMPxJvYyMiFM742XO8d02L4VeOYo7uFfoOlEUOItwq1ZQxQ8keGQYA23q1duzrMvtL6r7gRM9ooPsrbDLCvnX7tVZ2bQ+vIhFyGAo+8IC4sTm3HouVALBeXTDOXa/ph8t+LoZcoP2fx4PhcLHQLIxVV/nCh/nYPZrkbBJppjDVs0eHS2dFm1NnkGuy5odK8wK8fVZ0+y36NQPov6k7VehQ23Mch5mpC7ezCQ7I62lJgH7+yWwxNGInTQ/vPYRV4RLo5hWjGRpQCFB8mO13jLFUBRUlum8B+tCRP+elv3V4+14tx4Fk0quvZz23yj/1m6fZWTQrn2rafvQHRF9G7V5B+/m9wjKPj4tMA4DkVZgtWx6mca8hsNtcdFc9ujCMzjdBspsRFcq54jtp3LAVDzqucrrMwAJfAHx/r4VcLBpwgD6qR/L1bFB2wHcryrBSkESXKSkx6krj0fAcildW6fYKZzJsZEG3ng31zamSZu5boGsWjeT6y/GS4WHe7kQICOE3dzcA/eoboe0wkLkdEpyLxaJ31ujfpDKfuMH3/jVRPTKYcYavq4gFqAADeXmc5RMVnPjJ22T67KB70qKXWfiDkClzQXq2nsNTW46isusCjI8bX3uWhzjGFgBJRgvUovGOoIoH7PLA1yQtB7EV9pUHeNnIY0alsP1yVtbN894e7hEyYQLuhg4w7qW2LmCtXS2UnyllDKMZN1WGt8iIrQYp5GXjKjw4UOKRS8XY4y21kpNHMs0KtPagpiUu8PIgqdhEty7rW/XUJJK7SIlKQRTnDPPHiAR1x5PkyhGb8ArTtKyol4JsdS/vkRM/iy0OvW21h/qqaO3uxVYrMbPTiOQqhMPx931bOyr0JviOzNiSia/p8ftK/p3GJUCCkgyjKW+/Sn2CZ3F3Ck4k8wo2UZc/GciA/CPtK4Tj+eGlydKij6xUfNU46r6/wlXvf0cWia+mdaCLvmcHpMFbo/yofjKKVj+3TFQ0HKkCwhIN6miStwMBa4MLQTOTQd02Jge0wERsAUZSmaSTK08D2Iu5mOu57SryZcNddpJmOXIDokQWoqSJedM+u9MKzJNrohhoZj31GRhngzRQr0ewZuJEGJq/2gdQ7gLvEx2JgI3zCL08TbLQR8eOxsj6USwQjr0iVYXPK7l5Goxqy1eqwBZhWC0+yFCRIgs85khaaDSKFGLMoUBcoUUI0QM9Yos3mg3q/sVTUifSHImfCfqoWKZqy5bzS6bMEi5/3g/oMD/4247ohobmmL+trbIIRd3T/GaPBZBx8+iPJ+oHssueLjkkSOd+D4mZ7ek3bC2Iz1FKpvGPanfwF+gefPRl9LdxhdbM9K9mwcWn5i2jjKtJAs5xzaaknbAlsd7B+TlNrJQa85X2broDumdD0cjCmDWEC2TUkCjmaJO5+VHF2+vVpH3RLrqqlK3ajVgZjdgw0zHWknrHejL88ETjv5FfKVn2KMuQv7FKWKiWmykPNGye65eRPFtdw5HHG+DsfABLGfZs7A3KVELDf8ybUEJ9NxnuftH6XX0Ex5HI4dSI0s39d6YIDWyQaL4JSCjGt8q6qhfmR/u7fg4tikLB7CZPHnyZazfIdfSPlOpJpIBw7mv/tRrVfZH+8k6zX8W/V3bJalvF0rTHpQFlDO/pT118JcdC+cCafyBAFAMb60zXe5Okmey/j3Obwcu07YbrSXzgWyXsGXFa3iP87O0yza8KLDoBYspBBmaJscW6uJml4d9og/zduBaEGLxZ5uVUGqUQG7yvLjJ0iNvZr3dnneCtQgdkr7f7FAkmk5YslOgG+Ly4+6zAcvq758+ChgWRFQxA94jL5r8SrLSUf7GqLGrAWhoBfQCAX1GKqcnaLBTSe6MgaWBk2Gnx5Dn4b8V7Fu6XR8an8BE9RuvIAHbo09Zf/XJxcPiJRUcXwSCm8Od38XE8vXKa3YyqoJCvaN5D30rVcYHcLp/6zuVGv/L/FMt0XFarqJNPp/Dqib/u1wwDqieKkXgqX/ggssZ6g512LGNtzFLXM7XFGoyx2Xt3AkKOkzap9rQ4Uy0i55lMhOmC7hlEuDnV5C8MbsW9LOSEl2KtDWjF0MmA8foQ8xe8iaonV1MhHqTgK5hHMDzW7FSej1U/bwszxt39wKFtA+SVKOrafMumXb59V39+8FZ+f9lddKUpCYP75dPJvGTb5GCVoL0QuxH8fEbqbY8fuf5C0S0427dJuHEkEk1KydgLJjLLu9LtcAs4tl4/xlzDE3SDwNXC0V4Rp1jtienikU9r7rAWae5ZFKSd1K/fKdNfKjoXQUt3CzzP1PvrDjGaDGb1zD1fcCgsa6LCvJ0/z/J9MCW9j8Y6LgTh2S9xYF+tn04fChqAUD9J454ZSDnt4PrTbMA1RnpBO/Jmmy/lkYwBm1ygPrkIDtD7Spc3XhkJMLcGaHLEbxo0gxWhHv2UULvrSjmSGZ2Q6sDJURqH4aqJ5WFBXF3tYsCw2SLEHNasM4srJtMXTL1xG+upHRyALF4QLqZzWZ5Tt0eItFMgn7vR0Jt9/26PjoRio4VzBVrKq2xyEwpsS+AApTzhjVT01VFGMVmtwMMEy7M12EBPkhB1FCo9mZbkJC1pAuNB7x2/sCvW26PKUVGi3/iv+p1NoTsoPp1bJyuesaS334OjS9gWJXrvGb32y5GBEMBUxVaGHEGlnV2T5a8bgSzlwpoqquYbjB2fOYPU4Ibqo6c4mrpzzO83w+Whdrt/A6lgyd5VBJcieEQErQo9KIfYLOjZYkrXENZ6KeYE5Qx4w32/ESOyXXm1fKkbmvW5Dn+LibET4pZwRH5YzSN7sMXddGd8l/TIVxtz3a70UsljaLHee6GBXklqd456JkfzdTemL0fEG3yS5klg7OMNTpb/7Db/bOFX+1lQKU94LwSZlf+6q5gcbBrZF+pbdjA4mCtgINlILfuC/mBgmY9i6NTge3cAwg+ILnATO7/mwXDOb1NgQzgrTObHApEOAg2xj8MOUVQfqsG2syM7KiIltKaOj/tr/EsqQEExMd7iX6W4v7MDd9eWv2+z41Yun5OV5aOO06W5kK4S5W1WSZ5UGhw+Nhjy7gD4ltoW5bycvq4iNgTe73wbDjTTyWF7WAvfYS1GafFZaOyQEVlLS/IFMs6pTM471snIX+E9rjPy9k2TeXRX7dTAjEmwDQR2tma78ChJALbsDXBaNUsQg0aUsPHt4VSz6RH/Wba4LsTHyhuGTc2DeYNix8Uoa6mUdBc5vElrDGLFZNC1xrFd2G0E8ssBr+XFEuUvdoxE1tyhPtZNGcB4v4KonOwrNbSBD7RaStRfs8iZp6kYGvKD3XOasbAM8pDsYliO9Wcr0lYd3axpeNBT1xqOaXPo2iT5eMgd+cuxZUuRU4Ik5swvmNZrFVl7I3ecFoXYBN8GKiiEnN+o4RVIkZzrgqN26I2ZSPYcA9O2mS8BWwCXx3H9du9SN1W8hSoM5uVrhdasbbbpq1DSK9t19lxlXIvB1wIPF+7Qo30DGgldwL4MH3qUYCky95U9eo6cW70cQB4gDeJ1jMoqSh8gHhyPVcmcSuZMDsBbF9Gvs9cLqSPhnTEr1l8UZCA2tKAQKplRJPhJCZ26DYlwCj9gyQqWdnxF/l28doeNZsYktztDLeatTn1zD7/E8kHBfCcWe19Kl/h2FbinzX118bJhqCe3h1DWClZgjsQRN4w6t7lXMb13urFQ0JMPlSnzKvRPyYNklQaTx5qxWZjC2DhqC8osC7jzDXwORtfboN3TYS+oou6Y3CX4G6urwczafyuBq2f0gaQoABAOLLqnkdt9UBDbDmTEgB+UW8ur4IC4MKPrzTpjiZOZ1yQEBdsxAtffjbomrwDt5luM4FsLN4HSGoBPtciKfU9yejwkdHuIENK9Kdmr5bQMmAExpK6EfQjm9WMRIz2SRsv0T2FrTOdB+xzY7h1jVnppdN6vD/m3PtZbJe/oLEGOaN91+JrOh83+pynZWHGSLjJHKGVMMo959FHDDkKuWf2UnR1Wa5lizZxiBKCZKx+tfINQ4nT0+b8DhAesmYVa+TIWFocz6EhsnjW22/7Hbt5wm4qLo+sBolN7ybLYOyVLmesjpgeBsfOFbMb8IyGL3QTGcgvNyO5rDXse8AAw3v3qgS7H7loRH7GPafhb3ZW+RgOxdNTnkqQqFAohOxBeoyt7URlFttSKqbaLhENz5VvHA/ILgq/TTdHfLHv0KfzEhsVPOO9YuMZ57ZjYf/zzsMwY1gP9GdYEu7eng/dGbSf8jCKVrCp0HI75MvO8gI/zdsQJ4g3VVP1TLUaeMXL/QakvsEPunsnMgFRbkjHAaoCfnDmNPvOZHz/gV6kV8CtP/A1K6RiS6poWZuEBWs31+Oo786+yZ26KPtzk5B8wnQ3pLXReATPMqg8bFgHVdbVhkOWyf+DL3uVMXiN/UdiX1yJnYHj5nBAEqpgdutkm5aYACiVGhtkgI4JQkSp0Mc6LB8dkLy7QJ+H5Y24vy0Nd2TszTZKLTjPw7c281a/PVaY+ck1yJHFeITVv71wfWlFzEucq/jkMmpSJ+DhlB2GYvujRSot4YmCnye0r3PfjWj1RnHi6FU5red8kC5R6B7LcJp8VPsGI8AzkwUgI+UDXvuSJOSu3Xp9iFXYZXmlaRnpFcGHEmS62e/BDcP7+aDdsXEu9gYpgdh4ls4p3W8NMLR8ykZDPcwVLDIHn/d3YjuZIsGW6sZpxtdfFn0B59gqfBRYsW3HGMb2cqvWPCU1PU4EfgPANtncgu++1OpG8Tv/xNFCyeTOmj5tKdaD9kfad3+J4XaNIfs5k49xmSZ9TZVx122duNOT1HlW7C0N27pVMVedt5DdZRFQLFpg6bkYAaA2YI26AaT/lVkGI1cVs3Clu5TbnqVGlY4OdNcNBkq1R6CUvVai+/moCS/xL1HVc66icgIBmHAL5iHIVuu3LS0IaXcz7vFQJi0lyHNyecO26Vs0DX1ieraKuv9hsmyp1DjRTTIGAKvlfK4PkoxYjQHC9SCnEJv7/hExYEzT/Uf7HAhVJQfAwTmbUXqtkJN3CqGAbkL50TLiWYaniM2A3Kv6hAzUcurbYtn1E2de84PBG18qTN3OKPV2Cjct1zliW/AVsdf/cCMosPKRaYnWK470L+wEmj1V6XIih4lc1oeISU1bGevitU1hxrw5ItjaxKf5pqgsT5fAMa14g7PRAl1XEHLJzCpqzmWlcWDOixh6EscRGDluukcfCjYY72TRJURnwCKi2LrGEz0N3MAhWgSpB5aaqaxCsErRqfH70VZHjmf3Rg/agpGwSGmaBQjLUQR3B/Yzwli3IEFRQ9ud9VU6bfm0eaQQrqB1dkWGG/7/KZgwr+lbKmn55aDvPvqn4QB2fGEcUaX5n/+WllEsq5mR9wVng10EvmaKUKO5dgmBdlyKbyAwsq8mYpO6F8vdlyi4PeigyJd2O1kWmEnipa4EEUALg6pDTuQt4tuiE9lReJpBYoLX7XCuNp65dzTI8141NrezRLdLuZxyVUZXD1lfK78ZnR7iHSO3cyD+6UNBF6qqKaHGJitHV41HPbh5YRZsfhUG2LtGcOsBCN7PeEIRBshUqQn1ho9NY4CNGIehYZG4wFClPoxsMS/zAdohfENapgRJ+BPk8ap4UVc/E9Td5cBUMpIzlyKrbgn8MosBImx2PTPQy1UUAgia2x9/e8LU/TRfs0FA2Yqa7MeARl7tFXt9gKEH2H49wM3cRApQtF3tBZuaG+cCRhn+XJMTQa8mlWGPbwZKm1ytnsdfgifHfLtZXumB6k+opG0uf1oji49hj6sbYoQEFXugrqePduCwnJbnflmmutxh1SverqBnk3UZSsbBL/II2Uikl2m0RN85JtMRzenOXAS5coHL0PF41nw8vdSFqbnA7g4h40jorONCqrSTld1GYesmF7E1YtReuS7kij4tUO59c+Y1HLdwQ/vuH/EG6vkcrd5gI8dirf/tHi1rJwRrKm75QBcZXcpnZOGp4XOk+xrMURpwLVHn1nezBV/dnu5jwcxtzOHdOeyBRhwviQKRyZEcNuHdPxa8sTPd7Pwlkb0BbPAyC8u8dx76rI3B6efXX12jOWPalFtQKtiesd/ViORxnPnTiCLRpt0X3S1O+GbRK21iyJf6GRX6WMNHoVakoYTfsPMP6HE6gxDtrkKReuduk4g/Fe5bWIFawjmSkJXcn2h2x7CriiyJ3PO4vrjclMX4myS/XWleUPm7hHKsk+VxHgjhxKl4YRuaiT1CvG/43RKJ833KqSHGelXV4bNMVNrd2mDB1cNnm9q7m2PtUmKTg6X8QGkMgb+4JIG4Z25dlh+qivTrEjvtBQZkTHabyBOsT+wnw4Yb2Y5q0GVOmcko5XkeQfqt2TOz+yHCrMWd22pHomsy56R8/pASzfrag+Cs3DUQk5/wITJ7WJO08js5M51meE9aMoHTkVaG5JC1//Mx4F1d3irQ7DWG+Hg0GQHIm5ZkKbTWyOVr8Wbscuwcuq3gAjQMSn2GYj3Ktr4O51I9YB3TpxKr6mhc6UI+8x8CrgVL1ngow1oAoy2WWTt3n6Qw0suhNBlivlNXokJn5wXCb1JAr7Yv2W7ZnMQ6t4dK+usbIMvpzAEk9NAMEQSGXEYGDvK0w+ezPlfIYgrW2rmkzPeb1Gu1X3rVgEylxeaLPdT9CRFF1HKPrCViTtRJPRGd17fVPlgm1zlrYV2uJkdC4scn2mZE2q6iIbjbo6PwjA1OIZNyfXuF81kXJbwtobL/iDPe7O+/dsnIvJvyXvIZVrO0gp2db6r7xEKMGeNucv+GE75TO2l68eT7/5D+cy1W/4njn0kMmm0uVyTeYD4hrXmPC2M7ab4PWi4emqX7Njz/gQz582AFvk7N8jwyHo5vqfjLtaZH9FCu4ImDVIJ10cPkf7WOXUtWfvlBd0HbCk40M2gHv+8fh3Vyudanb6u8L44qYst8NNNQvzKtREhJPK/ktb1CaEWWsQmBNC2VArqngDLYtUuNeixRuSSRa/NlnhK8ZAyBS9g3VNo2BVQ5RUPaT/HNf2SLLBZNVk1DAvOJT7fs5q1vCli0TMu53+n0cJbrWrxtm0hlXQ3LrW99xpQFsAHfU/P8fjbpnNc/ummAvVVTDpvQmAOcMwSOOUDvpLBBjJVL/KsotLWSpq+asDMO9GRjG62g19F7dT+NaqcD6JYSZe7qBY/9pEWqkXOJKbiEtJYYiJq0zUsW1ic0pVWcasb1DZge7yI26I/yKamalzIvpeXdIHEa3c7heg6KRor5K57UIQDCq1L93dorPJokhfRaQERweFABrK6VH644ThXt0JFsfU+oY0/DBI3tlFxEsr+pO9rXaxantAX+zoo0TXJqcvDj4D358he04fi0u+r7JEWplT3Qf89D8Hiw4dD7WvcY6kBqkGPiQhA1qHelMAyMNhTWWjB+SRkKQ+//I0af/LU3JtqU89XctI585yHv4Rt8sQ5oceRBeqobdXfGqGKl884FlbdlYLFEITTnv5gPF+VXvZNybPXSTZtUbrB79ar1IYk5fl3qw5AObfhpQclgDtQe5OhRvcTTAPIzhRkVTzZVrrf5MfPsVvNAntaV2bJEuAG/FXkgcUOOOiZIAJvWTVhRjuP5b+NUm/FGjzKvvLGmkucKuCq/GgROTnyucLFkDnAUhBsknNP4LBt3LE/8jvZupFZxihzMaQyx37Vg0+73lTSp3h20+04dYFGhthcppNpdAOyNCOXrL7PrRWQZE0BJE59wz1n140sJA41LNT7yqND544EXrqsBegBYhJc5EY/ZPlVmRAGzdr+LrxU26v9LsmmbGgp1V3AiHktqbCFsF8uYtV0yJbTuoQYhBtHTSeQBe1wGuI8TS1BN9LR6T4qlHZhfwYKMaIbO+uknTenkjwyzRRFqRS+97VQxNVCC0/MUPirs7lGGIxNfKL5XJggkigljYC/5o/u4l5cE2r71FmYx86LjDY1R+PJy/bFj6dCbru9gzI0g7ffAE/eMdPVHY7e061oABnlGq4mwJsgVATaaJpjFE6jhiIqdAN8E6xysnAG8UJINTV0HeBC6l4HKC5uyJ/i3IVaU1PHHT5FolGafOFF3LuWsOkqVgQV9KtL2SKIKaUtWpMgopDFZSMPHP3TABJ43qr0Z7CmTOqd4ww6JN3mcJj9AEI3Zx5sYg1rVy0+WAhYkachLatXoK3UI+eVuuYsq8+X631R1ml66BBiXETX90O2YogHEfJprQ37yVKsYu7Rz7v2rOl3hcXDIV4ZGFWQlJLZH9+IrJc0WjihhybTVXUt8+EQx8lGxPMOlwZVKX96ZRjjVhVVlWJ7XzJGqUn9JZcNKChpXhEwin6HNiCrQ3jFNtojRjFHjaY33WphY7tnRovtn71nLcCFdfhtl/RFXqCc2/wpzZ0PucAP8gWpQKrPNTV9NAerhOmk+lf4vXqbEF+trzd2wAUBnbN/Fs2jChlrJ324/3xIUWln7MYYZY3i1k1v3skNES6tztfKhHwkvVi2Hne8tgmK41DPLAFGsWep+XZZru8+s04Jgr4akpvltSmdYFtDCYYRtBbpgakF3XDXg+TrKKhu98tjL6hpvKtMtPz8t/A9Vlxhr0R3kAEGCkJGwyFqk7+Iq5UKdDvziIGTTreSum2tI1nN8OjoKXRcVBBm0WT6MvUwPjAhMAkGBSsOAwIaBQAEFNlxShEqjGnVYPKgusrXCnrR1FOJBBQ+hZ7e1FVb25sn6FkGQuKCZvdHjQIDAYag - HUB_METADATA_TRUSTSTORE_PASSWORD: uumpassword - run: - path: /bin/bash - args: - - -euc - - | - echo "preparing keyring..." - echo "${CLUSTER_PUBLIC_KEY}" > key - gpg --import key - gpg --export > ~/.gnupg/pubring.gpg - echo "verifying package" - helm verify ./release/*.tgz - echo "rendering chart with release name '${RELEASE_NAME}' and namespace '${RELEASE_NAMESPACE}'..." - helm template \ - --name "${RELEASE_NAME}" \ - --namespace "${RELEASE_NAMESPACE}" \ - --set "global.cluster.name=${CLUSTER_NAME}" \ - --set "global.cluster.domain=${CLUSTER_DOMAIN}" \ - --set "global.cloudHsm.ip=${CLOUDHSM_IP}" \ - --set "stubConnector.enabled=true" \ - --set "vsp.hub.ssoLocation=${HUB_SSO_LOCATION}" \ - --set "vsp.hub.metadata.url=${HUB_METADATA_URL}" \ - --set "vsp.hub.entityID=${HUB_ENTITY_ID}" \ - --set "vsp.hub.metadata.truststore=${HUB_METADATA_TRUSTSTORE}" \ - --set "vsp.hub.metadata.truststorePassword=${HUB_METADATA_TRUSTSTORE_PASSWORD}" \ - --output-dir "./manifests/" \ - ./release/*.tgz - - - task: deploy-manifests - timeout: 10m - config: - platform: linux - image_resource: *task_toolbox - inputs: - - name: manifests - params: - KUBERNETES_SERVICE_ACCOUNT: ((namespace-deployer)) - KUBERNETES_TOKEN: ((namespace-deployer.token)) - KUBERNETES_API: kubernetes.default.svc - RELEASE_NAMESPACE: ((namespace-deployer.namespace)) - RELEASE_NAME: hmrc-integration - APP_NAME: proxy-node - run: - path: /bin/bash - args: - - -euc - - | - echo "configuring kubectl" - echo "${KUBERNETES_SERVICE_ACCOUNT}" | jq -r .["ca.crt"] > ca.crt - kubectl config set-cluster self --server=https://kubernetes.default --certificate-authority=ca.crt - kubectl config set-credentials deployer --token "${KUBERNETES_TOKEN}" - kubectl config set-context deployer --user deployer --cluster self - kubectl config use-context deployer - - echo "applying chart to ${RELEASE_NAMESPACE} namespace..." - kapp deploy \ - -y \ - --namespace "${RELEASE_NAMESPACE}" \ - --allow-ns "${RELEASE_NAMESPACE}" \ - --app "${RELEASE_NAME}-${APP_NAME}" \ - --diff-changes \ - -f ./manifests/ - echo "deleting ${RELEASE_NAMESPACE} connector pod" - kubectl -n ${RELEASE_NAMESPACE} delete pod -l app.kubernetes.io/name=connector - - - name: deploy-mt-integration - serial: true - plan: - - - get: release - trigger: true - - - get: daily - trigger: true - - - task: render-manifests - config: - platform: linux - image_resource: *task_toolbox - inputs: - - name: release - outputs: - - name: manifests - params: - CLUSTER_NAME: ((cluster.name)) - CLUSTER_DOMAIN: ((cluster.domain)) - CLUSTER_PUBLIC_KEY: ((artefact-signing-key.publicKey)) - RELEASE_NAMESPACE: ((namespace-deployer.namespace)) - RELEASE_NAME: mt-integration - CONNECTOR_NODE_NATIONALITY_CODE: MT - CONNECTOR_ENTITY_ID: https://stgmteidasnode.gov.mt/EidasNode/ConnectorMetadata - CONNECTOR_METADATA_FQDN: stgmteidasnode.gov.mt - CONNECTOR_METADATA_PATH: /EidasNode/ConnectorMetadata - CONNECTOR_METADATA_SIGNING_TRUSTSTORE_BASE64: MIIJFgIBAzCCCM8GCSqGSIb3DQEHAaCCCMAEggi8MIIIuDCCCLQGCSqGSIb3DQEHBqCCCKUwggihAgEAMIIImgYJKoZIhvcNAQcBMCkGCiqGSIb3DQEMAQYwGwQUkoiZnVtHq3YnVt/aw/k1ai6FV6ACAwDDUICCCGCQn3O+K868+RiOFUd8QsS+iUPWq9Y9QG8+MB78tznG8AwzDoy0TkhE9aVqkxrcIrZRYC8S3KPRotNMh3NWEMaJnPpHeDbZEhS9SYBoi0Slnx5MhfOToiXtJc72XYhHC9lEzyj/dOrjvr2atcZyd8Gr0DvhrY1sRpgaWnDjHHVr6vmFhRsksuiWHlYio4M6LcrskEOijzLrkE63G7+1U0Jy6nMY24uvRdDLhmBCPXOlA4/VFchNYDrFyIqwv5G7SDoCRhbin9/1nPyQhPyYgR3NKanHC5cGYETSnUgIVqyerjLK8tTxDtqo1GcIDt+BOiin777IOLxUq/D25LAe2fj9KQ1+hODKT8+CVPD5SR365RUb0BgcJgUrmjsKoc8lYjVYaScPRT1TDEDW3cs5jbB66xVxgWaeKEAO0pd/CxzXNIeu2dyV5dfv6i8TPwqr6GMwhrSeVdwnfKxat5NlwXJinJcXlg7pAmSK+trbVJKAzElMLLwgBwryLp0IW1QnJ3+JXTQ3+Ma9bAX4JcAdW2N/QTcwf39WsVcPLvs2i6jHon1y5Qf3Kuv1M7F1hVkVgUj8aCVtIEi34ASH33nHSz1O8xf+GST+mW+aqU7Z8JvoXNdoqfKrmeqpgmWEMwD3XLvQgNqPIzT82S8UhO3vNiYxorGLSNjgc+aQ4t2iR6LCrgNrYSoDhPa253Gp9UwyXQazsu2ey7hHddQ0CLhh+XeW+jeekpB8HAdYxQ59sUcuVhVOWxjg19rDy5q5l2Amk1T5t0OBh69FTHqv/U7ocs8uvKhqP/4n+TTBKgWhzPFdX452CxkujlED2vhvegWBGBhCWN5FfFsgIauo7g1hw4JsbWywyxoxRSCUgxOUqYMnTJBYw53uFDqDntRaTqfj0X4C38IpNfLQIy0JYMWB1IUFIyb3afZ1tsbBwNh14tCcW/ByN1xY5cnZmALVU7aAbeYDGFSel16kldlEILZlW2KjQ2h2c1LoHB0nMMJITqgD480Rop5QvOv6AUUMMNS1qvE0hJr6z0S7Utpb5jsUJNGcnicfsg7Hp97cmw2HJwgJJKtOQjC2Lh2Us3Mkz2QyAm6ttjzshdxsDHnPPaS1fNHhulrJte+nyxu59LYVKUoPBEXDhveuC5vgEll0ZSQNokwyobvaGSmIABEj+raDtFFLmYRc99c+fFooqFvKbM5hohk+YK2YL3CQ6kxuLhpev8YQnAoQQ37KkZCvxwJGrV/ZGPp+cSQ2EIZI4tMBxeLIK2YjKs0fxasOdjEfdSmr4wDEv7pleYAh4pwZXdPdJvwoE/9i4F94JufSmPVZfKDPqnTyGA0nb7b30raB2dZwMlDN51yYQtgE6daWVxtICftIZ0EYLBKKdLFUo/KDcXNWf8HC3y+uJjIoyAJJbG4RYWDP6adt9sY5aDOzdpvgq4VfGRQIUSAMgZxWhnDehmh6IhDDsOcdgbvmABbq0I5xwSLXTEbtBltZtU2DOkrhHEH3pcPbF0Op0zUpfh6bpmLLmB/qSLGK313zvg/cEUahX7wr/O95+TG7ypBR/KNoicouPArKFxsaaN58NdhNJCR6J8snwAynpxbkRhX215amknIgt7GotEItJWJCDg1sm+cXRE76DQfLNel0tBLTooAIdlnuOs4Vf19mxp4elSUOBBfIIZmE2RzXsJDlBH/S6fIm+reXGJ000flks5cL9CUaLA+v3IDDDm7p9rxeSrxRC2L9b2chSV+oNO7FglHnxFpP4eFd8d52oyDYHzzNUJjoSYJ4UkfhpXc8eyxOk5etR+oqIekT6li7dTe6+VSZ1FhvfnLquaPF59be0K3OmIfgvgtYYbsPe8YqDIbJ29edbuKgv5b0qWOTO+acvMOgAtnXd7JLNfrBSlfX5U5RWYFBpJB7IFS4ClJGQKHwup1LHNASyzhaLxsBmdfWpvwwmo19C9oq3bg83FmlUIJLzbu82GDhdlXdWiZv21Wv45rbeW7jxgMah1QO7fpfbsrBQ7G4XuE0/cjxWjVDY+tgb6KnxXXq5OCVGA1+BWx6DnwXA1xP+W432vSfYDQm7vyd1A+pvhtyimvesllpd01w1NxiNq2z64l2tcnuteCxtXKlBIRiJIO1MES9Zc4SqhoplKgVu6Ch6oX6mkI8aRBgwWld3AiiQQ/gOpNT4ogPHrMj7MsUd6aLToLNOHz2+rKFnKi1QOpXU7nOPy0j0oscHJlK66b1XYuWJrAcQXemgHeI4TcRohJy1khBC72TZQHOqCOE03Om8iDYHb1MtgZ58A/M3+MiwyfE1aIavPdkYv4ghH+uHnq75E0mt1fPWy3ZXrD2TB+n1y1AEd/E6dVTYKwQikZSdpG2ks+S0E6yaZaflRVAyPXhrHtBMbhpbm07HnVex7u3h5k21IARWoU1sk2Wzfu1aZ0enXzSbpqoHlk7VJmZGz3HuyKQVSEzhsqTaVaCHNAYi/3EGQeyxx2GFDJO0e9qY5oy1kU22uy24c4LL/Ht7cogSZ6A6MuEKgGEKp+9rdmg2MoIItt48DGd+QddGsVDP4nZEvfU/bS5hSq/67HaYS0sblgCAiGylL0jpcgnGlmRvF66nimqkeaUvXFzL+gfgXxFVgiV8AbsVSNrkbEWoizpPURO5vktmHzqklaabKQ7P6GN61pANPTnw7vWH/afCmtlSHcJ7sLdhlqPQASlTZ4LyNyP5v0IbFwtdTd9mSYNaS+WBeH6G7jxVeXbEQ525JBaG6vG7YyNVDAIffmwsuNAWWPpYbd3RRPEKtHABmaK/Rr7gaqZdv7+B+ecWjwLMBdaENzd9uikuXbJyxRc/vZ2IK2ZvmVMHJl8d+oa/YtguelLc71eBkcmpyfk5TA+MCEwCQYFKw4DAhoFAAQU/pc0hT7wgLNGaf7aHZHHzzflysgEFAeKs9b+TS7+XIisW5ey6gi/+O6RAgMBhqA= - CLOUDHSM_IP: ((cluster.cloudHsmIp)) - run: - path: /bin/bash - args: - - -euc - - | - echo "preparing keyring..." - echo "${CLUSTER_PUBLIC_KEY}" > key - gpg --import key - gpg --export > ~/.gnupg/pubring.gpg - echo "verifying package" - helm verify ./release/*.tgz - echo "rendering chart with release name '${RELEASE_NAME}' and namespace '${RELEASE_NAMESPACE}'..." - helm template \ - --name "${RELEASE_NAME}" \ - --namespace "${RELEASE_NAMESPACE}" \ - --set "global.cluster.name=${CLUSTER_NAME}" \ - --set "global.cluster.domain=${CLUSTER_DOMAIN}" \ - --set "global.cloudHsm.ip=${CLOUDHSM_IP}" \ - --set "connector.entityID=${CONNECTOR_ENTITY_ID}" \ - --set "connector.metadata.fqdn=${CONNECTOR_METADATA_FQDN}" \ - --set "connector.metadata.path=${CONNECTOR_METADATA_PATH}" \ - --set "connector.metadataSigningTruststoreBase64=${CONNECTOR_METADATA_SIGNING_TRUSTSTORE_BASE64}" \ - --set "translator.connectorNodeNationalityCode=${CONNECTOR_NODE_NATIONALITY_CODE}" \ - --output-dir "./manifests/" \ - ./release/*.tgz - - - task: deploy-manifests - timeout: 10m - config: - platform: linux - image_resource: *task_toolbox - inputs: - - name: manifests - params: - KUBERNETES_SERVICE_ACCOUNT: ((namespace-deployer)) - KUBERNETES_TOKEN: ((namespace-deployer.token)) - KUBERNETES_API: kubernetes.default.svc - RELEASE_NAMESPACE: ((namespace-deployer.namespace)) - RELEASE_NAME: mt-integration - APP_NAME: proxy-node - run: - path: /bin/bash - args: - - -euc - - | - echo "configuring kubectl" - echo "${KUBERNETES_SERVICE_ACCOUNT}" | jq -r .["ca.crt"] > ca.crt - kubectl config set-cluster self --server=https://kubernetes.default --certificate-authority=ca.crt - kubectl config set-credentials deployer --token "${KUBERNETES_TOKEN}" - kubectl config set-context deployer --user deployer --cluster self - kubectl config use-context deployer - - echo "applying chart to ${RELEASE_NAMESPACE} namespace..." - kapp deploy \ - -y \ - --namespace "${RELEASE_NAMESPACE}" \ - --allow-ns "${RELEASE_NAMESPACE}" \ - --app "${RELEASE_NAME}-${APP_NAME}" \ - --diff-changes \ - -f ./manifests/ From 1e56582aefebc3f73300efeda94523eb6a8d4ae6 Mon Sep 17 00:00:00 2001 From: Phil Miller Date: Tue, 13 Oct 2020 15:36:42 +0100 Subject: [PATCH 3/4] leave newline --- ci/prod/deploy-pipeline.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/prod/deploy-pipeline.yaml b/ci/prod/deploy-pipeline.yaml index e053287f4..a982acc83 100644 --- a/ci/prod/deploy-pipeline.yaml +++ b/ci/prod/deploy-pipeline.yaml @@ -145,4 +145,4 @@ spec: --allow-ns "${RELEASE_NAMESPACE}" \ --app "${RELEASE_NAME}-${APP_NAME}" \ --diff-changes \ - -f ./manifests/ \ No newline at end of file + -f ./manifests/ From a92fa1ae212ff7374bee44cdc8f65a96d08dbf0a Mon Sep 17 00:00:00 2001 From: Phil Miller Date: Tue, 13 Oct 2020 16:22:51 +0100 Subject: [PATCH 4/4] vuln mitigation https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1016906 --- build.gradle | 1 + 1 file changed, 1 insertion(+) diff --git a/build.gradle b/build.gradle index 7b0b32c7b..97ed9bcbe 100644 --- a/build.gradle +++ b/build.gradle @@ -110,6 +110,7 @@ subprojects { substitute module("commons-codec:commons-codec") because "https://snyk.io/vuln/SNYK-JAVA-COMMONSCODEC-561518" with module("commons-codec:commons-codec:1.13") substitute module("io.netty:netty-codec") because "https://snyk.io/vuln/SNYK-JAVA-IONETTY-564897" with module("io.netty:netty-codec:4.1.48.Final") substitute module("org.cryptacular:cryptacular") because "https://snyk.io/vuln/SNYK-JAVA-ORGCRYPTACULAR-543303" with module("org.cryptacular:cryptacular:1.2.4") + substitute module("org.apache.httpcomponents:httpclient") because "https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1016906" with module("org.apache.httpcomponents:httpclient:4.5.13") exclude group: "commons-beanutils", module: "commons-beanutils" } }